Cookies
Every cookie this site sets, what it does, and how long it lives. No tracking, no analytics.
The short version
We only use cookies that are strictly necessary for the site to work — keeping you signed in and protecting forms from CSRF. We don’t set analytics cookies, advertising cookies, or third-party trackers.
What we set
| Cookie | Purpose | Lifetime |
|---|---|---|
| krb-deck_session | Keeps you signed in and remembers session state across requests. | 2 hours |
| XSRF-TOKEN | Protects forms from cross-site request forgery. | 2 hours |
| krb.cookieConsent (localStorage) | Remembers that you dismissed the cookie banner so it doesn’t come back on every page. | until cleared |
Sign-in flow (Google)
When you click «Sign in», we redirect you to Google. Google sets its own cookies on its own domain — we don’t see them and can’t read them. During the round-trip, our session cookie holds a one-time OAuth state value to prevent login CSRF; it’s thrown away as soon as the callback succeeds.
Third-party content
Avatars served from Google’s URLs (when you haven’t set an in-game avatar yet) are loaded directly from googleusercontent.com. Loading them tells Google that some client requested an image, but no identifying cookies are sent from this site. If that’s a concern, set an in-game avatar from your profile page and Google avatars stop loading entirely.
Resetting your choice
You can clear the dismissal at any time and the banner will return:
Or clear the krb.cookieConsent entry directly from your browser’s storage panel.
Browser-level controls
You can also block or delete cookies in your browser settings. Note: blocking the session cookie will sign you out and prevent posting decks/comments. The site will still load read-only.