A script-enabled browser is required for this page to function properly.

REPORTS_COOKIE_EXPIRE environment variable

This environment variable specifies the lifetime of a cookie within a given Reports Server session.

If Single Sign-On is not being used, then any user accessing a secured instance of the Reports Server is challenged to identify themselves by rwservlet through its own authentication mechanism (identical to the behavior of Oracle Reports 6i). Because the HTTP 1.0 protocol is stateless (that is, each call to the server is effectively independent of all others), users might need to authenticate themselves for each report request unless a cookie is maintained.

To allow users to authenticate themselves only once per session, rwservlet has its own client-side cookie, the authid cookie, in which it stores the required authentication information for the current session. Once the user is authenticated, an encrypted cookie is created in the browser to enable the user to submit multiple report jobs without re-authenticating for each request. The authid cookies are terminated when the user closes their browser session, but you should not rely strictly on this method of terminating the cookie. You should limit the lifetime of the cookie within a given session using the REPORTS_COOKIE_EXPIRE environment variable. For example, a user might log on and then go to lunch, leaving the browser session open. To minimize the potential for a security breach in this situation, the administrator may define the REPORTS_COOKIE_EXPIRE environment variable on the Reports Server. When rwservlet receives a job request, it compares the time saved in the cookie with the current system time. If the time is longer than the number of minutes defined in the environment variable (for example, 30 minutes), the cookie is rejected and the user is challenged to provide authentication information.

Note: If you want to force users to authenticate themselves for a specific report, you can use the SHOWAUTH command line keyword. Alternatively, you can include a %S in the corresponding report entry in the key map file. This file is usually called cgicmd.dat and is located in ORACLE_HOME/reports/conf. %S forces users to enter their user name and password each time the report is called.

Valid Values

Any number of minutes

Default

30


U
sage notes

Example

REPORTS_COOKIE_EXPIRE=30

See also

"Securing Oracle Reports" chapter in OracleAS Reports Services Publishing Reports to the Web

Environment variables