1. Security Guide
  2. Session Cookie

Session Cookie

The session cookie consists of the session ID generated for a user’s session. This cookie is used to manage the state of the user’s session. The session cookie applies to the Siebel Web Client only.

Web browsers with cookie handling disabled cannot maintain a Siebel user session.

When a Siebel Web Client user successfully logs into Siebel Business Applications, a unique session ID is generated for that user. The steps involved in a user session are as follows:

  1. The components of the session ID are generated in the Siebel Server and sent to the Session Manager running in the Siebel Application Interface.

  2. The session ID is passed to the client in a cookie.

  3. The following occurs:

    • The session ID is passed to the user’s browser in the form of a nonpersistent cookie which is stored in memory. It stays in the browser for the duration of the session, and is deleted when the user logs out or is timed out.

    • For every application request that the user makes during the session, the cookie is passed to the Web server in an HTTP header as part of the request.

    • The Siebel Application Interface parses the incoming cookie to obtain the session ID and, if the ID is valid, processes the request. If the HTTP header does not include a cookie containing a valid session ID, then the Web server does not honor that request.

Session cookie is used to maintain a stateful session and the SRN, which is generated after an explicit user login is used to maintain a secure session for the logged in user. SRN protects all writer operations in a user session.