Cookie Policy

Last Updated: November 15, 2025

1. What Are Cookies

Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites work more efficiently and provide information to the site owners. Cookies help us remember your preferences, understand how you use our Services, and improve your experience.

This Cookie Policy explains what cookies are, how we use them, the types of cookies we use, and how you can control or delete them.

2. How We Use Cookies

We use cookies for the following essential purposes:

  • Authentication: To keep you logged in and verify your identity across different pages
  • Security: To protect against cross-site request forgery (CSRF) and other security threats

We do not use analytics, advertising, or tracking cookies. All cookies we set are strictly necessary for the website to function.

3. Cookies We Use

We only use essential cookies that are strictly necessary for the website to function. These cookies cannot be disabled as they are required for authentication and security.

Cookie Name | Purpose | Duration
rusty_rails_session | Stores your encrypted session token to keep you logged in. This cookie is httpOnly, secure, and uses AES-256-CBC encryption. | Session (until logout)
idp.csrf_token | Protects against Cross-Site Request Forgery (CSRF) attacks by validating that form submissions originate from our website. | 1 hour

Note: Both cookies use strict security settings including httpOnly (cannot be accessed via JavaScript), secure (HTTPS only in production), and sameSite attributes to prevent unauthorized access.

4. First-Party Cookies Only

All cookies listed above are first-party cookies, meaning they are set directly by Rusty Rails (rustyrails.org). We have full control over these cookies and do not share the data they contain with third parties.

External Authentication

When you authenticate via Steam or link your Discord account, you will be redirected to those respective platforms:

  • Steam OpenID: Steam may set their own cookies during the authentication process on their domain (steampowered.com)
  • Discord OAuth: Discord may set their own cookies during account linking on their domain (discord.com)

These cookies are set on their respective domains and are governed by Steam's and Discord's privacy policies. We do not have access to or control over these third-party cookies.

5. Cookie Duration

Our cookies have the following lifespans:

  • Session Cookie (rusty_rails_session): Persists until you log out or close your browser. This allows you to remain logged in while navigating the site.
  • CSRF Token (idp.csrf_token): Expires after 1 hour or when your browser session ends. A new token is automatically generated as needed.

6. Managing Cookies

6.1 Essential Cookies Cannot Be Disabled

Because we only use essential cookies that are strictly necessary for authentication and security, there is no option to disable them while using our Services. Without these cookies:

  • You will not be able to log in or maintain a logged-in session
  • Form submissions will fail due to missing CSRF protection
  • The website will not function properly

6.2 Browser Settings

You can still manage cookies through your browser settings if you choose not to use our Services:

  • Chrome: Settings → Privacy and security → Cookies and other site data
  • Firefox: Settings → Privacy & Security → Cookies and Site Data
  • Safari: Preferences → Privacy → Cookies and website data
  • Edge: Settings → Cookies and site permissions → Cookies and site data

Note: Blocking cookies from rustyrails.org will prevent you from using the website's features.

7. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites you visit that you do not want your online activity tracked.

Since we do not use tracking, analytics, or advertising cookies, the DNT signal does not affect our Services. We only use essential cookies required for the website to function, and we do not track your browsing activity across other websites.

8. Updates to This Policy

We may update this Cookie Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on this page with a new "Last Updated" date.

9. More Information

For more information about how we collect, use, and protect your data, please see our Privacy Policy.

If you have questions about this Cookie Policy, please contact us:

Company: Rustworks LLC (Arizona LLC)

Email: privacy@rustyrails.org

Discord: Join our Discord server

10. Additional Resources

To learn more about cookies and online privacy, visit: