NHSDigital · stephhou · Mar 12, 2026 · Mar 11, 2026 · Mar 11, 2026 · Mar 12, 2026
diff --git a/lung_cancer_screening/questions/jinja2/cookies.jinja b/lung_cancer_screening/questions/jinja2/cookies.jinja
@@ -51,18 +51,41 @@
           <tbody class="nhsuk-table__body">
             <tr role="row" class="nhsuk-table__row">
               <td class="nhsuk-table__cell">
-                <p>auth</p>
+                <p>sessionid</p>
               </td>
               <td class="nhsuk-table__cell">
-                <p>This cookie is set when you log in to the NHS check if you need a lung scan service.
-                  It makes temporary use of your personal information previously collected by us.
-                  It's used to ensure you're securely logged in and your information is secure and is deleted when your
-                  session ends. </p>
+                <p>This cookie is used by Django to identify your session on the site. It allows the website to remember
+                  information as you navigate between pages. No personal data is stored in the cookie itself, it only
+                  contains a session identifier. </p>
               </td>
               <td class="nhsuk-table__cell">
-                <p>The end of the session. When you close the app or browser window, sign out or your session expires.
+                <p>The end of the session. When you close the browser window, sign out or your session expires.</p>
+              </td>
+            </tr>
+            <tr role="row" class="nhsuk-table__row">
+              <td class="nhsuk-table__cell">
+                <p>ASLBSA and ASLBSACORS</p>
+              </td>
+              <td class="nhsuk-table__cell">
+                <p>These cookies are created by Azure and help identify different users even if they share the same IP
+                  address, allowing for a more even distribution of traffic among origins. </p>
+              </td>
+              <td class="nhsuk-table__cell">
+                <p>The end of the session. When you close the browser window, sign out or your session expires. </p>
+              </td>
+            </tr>
+            <tr role="row" class="nhsuk-table__row">
+              <td class="nhsuk-table__cell">
+                <p>csrftoken</p>
+              </td>
+              <td class="nhsuk-table__cell">
+                <p>This cookie is created by Django to protect the site from Cross‑Site Request Forgery (CSRF) attacks.
+                  It ensures that form submissions and other actions come from you and not from a malicious third party.
                 </p>
               </td>
+              <td class="nhsuk-table__cell">
+                <p>Typically one year, unless your browser clears cookies. </p>
+              </td>
             </tr>
           </tbody>
         </table>