Session Cookie
The session cookie consists of the session ID generated for a user's session. This cookie is used to manage the user position in the session. This cookie applies to the Siebel Web Client only.
The Siebel application can run in either cookie-based mode or cookieless mode. Use cookieless mode if a particular browser does not support cookies.
- Cookie-based mode. When a user successfully logs into the application, a unique session ID is generated. The components of the session ID are generated in the Siebel Server and sent to the Session Manager running in the Siebel Web Server Extension. In cookie-based mode, the session ID is passed to the user's browser in the form of a non-persistent cookie.
Session ID components include the applicable server ID, process ID, and task ID, combined with a timestamp. All values are in hexadecimal form, as shown:
server_ID.process_ID.task_ID.timestamp
For example, the session ID may resemble this:
sn=!1.132.6024.3ca46b0a
The session ID is encrypted in the cookie if the EncryptSessionId parameter is set to TRUE in the eapps.cfg file. Encrypting the session ID prevents unauthorized attackers from capturing the cookie and determining its format.
The session cookie is non-persistent and is stored in memory only. It stays in the browser for the duration of the session, and is deleted when the user logs out or is timed out.
For every application request that the user makes during the session, the cookie is passed to the Web server in an HTTP header as part of the request. Without a valid cookie in the HTTP header, the Web server will not honor that request.
- Cookieless mode. By default, Siebel applications use session cookies. However, if the user's browser does not support or allow the use of cookies, the session automatically uses cookieless mode.
In cookieless mode, the session ID is passed as an argument in the SWE construct of the URL. Any URL request passed to the Web server from the browser must include a valid session ID, or it will be rejected by the Web server.
The session ID in the URL is encrypted if the EncryptSessionId parameter is set to TRUE in the eapps.cfg file.
The Siebel application can be configured to not use cookies for session management—that is, it can be set to operate in cookieless mode at all times. For more information, see Siebel Server Installation Guide and Security Guide for Siebel eBusiness Applications.
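The following Python example is added here and is not part of the Siebel documentation. It lists the eapps.cfg application sections whose effective EncryptSessionId is not TRUE, and checks whether a session value taken from your own session still has the cleartext server_ID.process_ID.task_ID.timestamp layout. Assumptions: eapps.cfg is INI-style, application sections start with "/", values in [defaults] are inherited by application sections, and a missing parameter counts as not enabled; the sample configuration is constructed.

```python
import configparser
import re

# Documented cleartext layout: server_ID.process_ID.task_ID.timestamp, all hex.
# The optional leading "!" follows the example value shown on this page.
CLEARTEXT_ID = re.compile(
    r"^!?([0-9a-fA-F]+)\.([0-9a-fA-F]+)\.([0-9a-fA-F]+)\.([0-9a-fA-F]+)$"
)
FIELDS = ("server_id", "process_id", "task_id", "timestamp")

# Constructed sample, not a real deployment's eapps.cfg.
SAMPLE_CFG = """
[defaults]
EncryptSessionId = FALSE

[/callcenter]
EncryptSessionId = TRUE

[/sales]
"""


def decode_cleartext_id(cookie):
    """Return decoded components if the value is an unencrypted session ID, else None."""
    value = cookie.split("=", 1)[-1].strip()  # drop a leading "sn=" style name
    match = CLEARTEXT_ID.match(value)
    if match is None:
        return None  # opaque value: does not match the documented cleartext layout
    return {name: int(part, 16) for name, part in zip(FIELDS, match.groups())}


def unencrypted_sections(cfg_text):
    """List application sections whose effective EncryptSessionId is not TRUE."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(cfg_text)
    # Assumption: [defaults] applies unless an application section overrides it.
    inherited = cfg.get("defaults", "EncryptSessionId", fallback="FALSE")
    flagged = []
    for section in cfg.sections():
        if not section.startswith("/"):
            continue  # only application sections are audited
        value = cfg.get(section, "EncryptSessionId", fallback=inherited)
        if value.strip().upper() != "TRUE":
            flagged.append(section)
    return flagged
```

A value that decodes with decode_cleartext_id after EncryptSessionId has been set to TRUE indicates the setting is not in effect for that application.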
Siebel Web Client Administration Guide. Published: 18 June 2003