• All requests to a Joomla website start a session which stores the IP address in the session data and creates a session cookie in the user's browser. The IP address is used as a security measure to help protect against potential session hijacking attacks and this information is deleted once the session has expired and its data purged. The session cookie's name is based on a randomly generated hash and therefore does not have a constant identifier. The session cookie is destroyed once the session has expired or the user has exited their browser.
  • Joomla's logging system records the IP address of the visitor which leads to a message being written to its log files. These log files are used to record various activity on a Joomla site, including information related to core updates, invalid login attempts, unhandled errors, and development information such as the use of deprecated APIs.
  • When a network connection is available, a Joomla installation will attempt to communicate with the joomla.org servers for various capabilities, to include:
    • Checking for updates for the Joomla application
    • Help screens for core Joomla extensions
    • The Install from Web service (opt-in)
    • The statistics collection server (opt-in)
    As with all HTTP requests, the IP address of your server will be transmitted as part of the request. For information on how Joomla processes data on its servers, please review our privacy policy.
  • In conjunction with a plugin which supports a "Remember Me" feature, such as the "System - Remember Me" plugin, this plugin creates a cookie in the user's browser if a "Remember Me" checkbox is selected when logging into the website. This cookie can be identified with the prefix `joomla_remember_me` and is used to automatically log users into the website when they visit and are not already logged in.
  • The reCAPTCHA plugin integrates with Google's reCAPTCHA system as a spam protection service. As part of this service, the IP address of the user answering the captcha challenge is transmitted to Google.
  • In order to process information requests, information about the user must be collected and logged for the purposes of retaining an audit log. The request system is based on an individual's email address which will be used to link the request to an existing site user if able.