> ## Documentation Index > Fetch the complete documentation index at: https://docs.prelude.so/llms.txt > Use this file to discover all available pages before exploring further. # Cookies > Learn about the cookies used by Prelude Auth. Prelude Auth uses cookies to manage authentication and verification processes securely. Modern web browsers block third-party cookies by default. To ensure that the cookies necessary for Prelude Auth to work correctly won't be blocked, you need to set up a [custom domain name](/session/documentation/domain-names) that is a subdomain of the domain your application is hosted on. There are two primary types of cookies used by the API: ## Refresh Cookies **Cookie Name**: `__Host-refresh_{app_id}` Refresh cookies are used to maintain user sessions and enable the generation of new access tokens without requiring users to re-authenticate. These cookies are: * Sent to the client after successful authentication * Used in the `/v1/session/refresh` endpoint to obtain new access tokens * Required for the `/v1/session/revoke` endpoint when logging out ## Verification Cookies **Cookie Name**: `__Host-verification-login_{app_id}` Verification cookies are used during the authentication process to maintain state between verification steps. These cookies: * Store temporary verification state during multi-step authentication flows * Are used with the verification endpoints for both phone and email verification * Are automatically cleared once the verification process is complete Both cookie types are designed with security in mind and include appropriate flags for secure transmission and storage.