Our cookie is named session_token which is quite generic. We strip this when forwarding application traffic, meaning any application hosted cannot use this cookie. I suggest we prefix all our cookies with coder_ to deconflict anything in future.

Cookie names:

Cookie Strip: