Using Persistent Cookies

A persistent cookie is one that continues to exist after the web browser is closed, allowing a user to login with a new browser session without having to re-authenticate. The cookie value is a 3DES-encrypted string containing the userDN, realm name, authentication module name, maximum session time, idle time, and cache time. To Use Persistent Cookies contains the procedure to enable this function.

Persistent cookies do not work with the Distributed Authentication User Interface or when using Cross Domain Single Sign-on. If enabled and using either of these options, a regular cookie will be created.

To Use Persistent Cookies

Programmatically, Persistent Cookie mode can be enabled by using the setPersistentCookieOn() method of the com.sun.identity.authentication.spi.AMLoginModule class. See Chapter 1, Using the Authentication Service API and SPI, in Sun OpenSSO Enterprise 8.0 Developer’s Guide for more information.

1. Configure the Authentication Service to use persistent cookies in the Core authentication module.

   Enable the Persistent Cookie Mode attribute and modify, if necessary, the value of the Persistent Cookie Maximum Time attribute. See To Modify Core Authentication Properties By Realm for the procedure.

2. (Optional) Modify the persistent cookie name using this sub procedure.

   1. Click Servers and Sites under the Configuration tab.

   2. Click Default Server Settings.

   3. Click Advanced.

   4. Change the value of the com.iplanet.am.pcookie.name property.

      The default value is DProPCookie.

   5. Click Save.

3. Append the iPSPCookie=yes parameter to the User Interface Login URL.

   http://OpenSSO-machine-name.domain:port/opensso/UI/Login?realm=hr&iPSPCookie=yes

   Once the user authenticates using this URL, if the browser is closed, the user can open a new browser window and will be redirected to the console without re-authenticating. This will work until the time defined as the value of Persistent Cookie Maximum Time elapses.