Equipit uses a single authentication cookie to keep you signed in. No tracking, analytics, or third-party cookies are used.
What about cross-origin access (CORS)?
CORS (Cross-Origin Resource Sharing) controls which other websites or apps can talk to this server. Equipit is configured to only allow requests from specific approved addresses — your admin has set those in the CORS_ALLOWED_ORIGINS environment variable.
The authentication cookie is sent only when both the site and the request come from the same origin (sameSite). This prevents malicious sites from stealing your session.