What are Cookies?
- Maintains user info on the client machine
- Only accessible by the user and the cookie provider
- Maintains the session
- Types of cookies
– Session Cookie
– Persistent Cookie
– Secure Cookie - Cookie over SSL
In the SiteMinder environment, when your web browser connects to the Web Agent located on the Web Server, the Web Agent needs to have some identification and access level. Your identification is contained within a small text file, “the cookie.” This allows the Web Agent to know who is trying to gain access to certain assets or programs.
An important characteristic of the cookie is that it maintains the session by maintaining the user identification and access level information for the duration of the session. Referring to the HTTP protocol, one of its characteristics is that it has no inherent way to keep state. This means that HTTP itself does not include user data in its effort to connect a web browser to a web server. Going into the detail of how your web browser is connecting with the web server, the connection is dependent upon the sending of data packets across the network. HTTP is responsible for getting the data packets between the machines; however, it is SiteMinder that is responsible for managing the identity and access level of the user. SiteMinder relies on the information contained in the cookie to manage and secure user access, creating a method that keeps track of a user and their access level. Without cookies, there is no way to know if a request is from the same user/application.
SiteMinder uses three types of cookies:
• SMSession – A transient cookie that is killed by logging off or closing the browser. SMSESSION is our session ticket. This cookie is RC2 128-bit encrypted, and the encryption key can be changed as often as once an hour.
• Persistent – Persists over multiple browser sessions. Can be killed through a log off page. Stored in a file on your system.
• Secure Cookie – The whole communications session between browser and Web Agent occurs over SSL. Cookies can be session or persistent; however, they are encrypted and transmitted over SSL. The Web Agent must be configured to use SSL for sending cookies.
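The three cookie types above can be told apart from the Set-Cookie response header alone. The following is an added example, not SiteMinder code: it classifies each header as session or persistent, checks for the Secure attribute, and flags a session ticket that is not transient or not restricted to SSL. The header values, the `example.com` domain, and the `audit` rules are assumptions made for illustration.

```python
# Added example. The Set-Cookie values are constructed samples, not captured
# SiteMinder traffic; audit() and its rules are assumptions of this example.

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")  # value may itself contain "="
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # flags such as Secure map to ""
    return name.strip(), value.strip(), attrs

def classify(header):
    """Return (name, lifetime, secure) using the three types described above."""
    name, _, attrs = parse_set_cookie(header)
    # Expires or Max-Age makes the browser keep the cookie across restarts;
    # with neither, it is dropped when the browser closes.
    persistent = "expires" in attrs or "max-age" in attrs
    return name, "persistent" if persistent else "session", "secure" in attrs

def audit(headers, session_cookie="SMSESSION"):
    """Flag cookies that break the expectations stated in the text."""
    findings = []
    for header in headers:
        name, lifetime, secure = classify(header)
        if not secure:
            findings.append(f"{name}: no Secure attribute, also sent over plain HTTP")
        if name.upper() == session_cookie and lifetime != "session":
            findings.append(f"{name}: expected transient, found {lifetime}")
    return findings

# Constructed sample headers (values are placeholders).
SAMPLE_HEADERS = [
    "SMSESSION=c2FtcGxlLXRpY2tldA==; Path=/; Domain=.example.com; Secure",
    "SMSESSION=c2FtcGxlLXRpY2tldA==; Path=/; Domain=.example.com",
    "SMSESSION=c2FtcGxlLXRpY2tldA==; Path=/; Max-Age=86400; Secure",
    "prefs=lang-en; Path=/; Expires=Wed, 21 Oct 2026 07:28:00 GMT; Secure",
]

if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print(classify(h))
    for finding in audit(SAMPLE_HEADERS):
        print("FINDING:", finding)
```
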