Bookshelf Home | Contents | Index | Search | PDF |
Security Guide for Siebel eBusiness Applications > Authentication Details >
Cookies and Session Management
Four cookies are generated dynamically by the Siebel Web Engine when a Web session starts:
- Session cookie
- Auto-login cookie
- SSO for Siebel Reports cookie
- Mode cookie
The Siebel Web Engine generates cookies as a default feature. No configuration is required. You should not modify any of the cookies.
If a browser does not support cookies or a user disables cookies, Siebel Web Engine manages the session in cookieless mode. You can configure Siebel Web Engine to function in cookieless mode for all sessions.
For more information about cookies used by Siebel applications and about modifying how your Web browser supports cookies, refer to Siebel Web Client Administration Guide.
Session Cookie
The session cookie manages the Web session for a Siebel Web application.
- Cookie name. _sn
- Applications. Siebel employee, partner, and customer applications
- Format.
Session ID
- Consequence if cookies are disabled. Siebel Web Engine supports cookieless sessions. The session ID becomes part of the URL.
For information about cookieless sessions, see Cookieless Sessions.
Auto-Login Cookie
The auto-login cookie underlies the Remember My User ID and Password feature. Encrypted user information is collected to a desktop cookie. If the user subsequently accesses the application URL through another browser window, the user information is provided to the application so the user does not have to log in again.
- Cookie name. start.swe.
- Applications. Siebel employee, partner, and customer applications.
- Format.
start.swe=
encrypted_user_information
.- Consequence if cookies are disabled. Auto-login does not work in cookieless mode.
Cookieless Sessions
A Web session can be managed without cookies. In cookieless mode, the session management information for each page is included in its URL.
Functionality provided by the auto-login cookie is not available in cookieless mode.
A cookieless session is invoked when the browser does not send back a session cookie to the Siebel Web Engine. This event can be caused by cookies being disabled by the user or by a browser that does not support cookies.
You may want a Siebel application to function in cookieless mode for all sessions for reasons such as security requirements that do not permit cookies. You can set a Siebel application to function in cookieless mode by setting the
URLSession
parameter toTRUE
for the application in the eapps.cfg file.For information about additional eapps.cfg parameters that relate to cookies, such as
AutomaticSession
orCookieSession
, refer to Siebel Server Installation Guide.For information about setting parameter values in the eapps.cfg file, see Editing Parameter Values in the eapps.cfg File.
Bookshelf Home | Contents | Index | Search | PDF |
Security Guide for Siebel eBusiness Applications Published: 23 June 2003 |