The e-community cookie

• The e-community cookie is a domain-specific cookie set by one WebSEAL server, is stored in the memory of the user's browser, and is transmitted to other WebSEAL servers (in the same domain) in subsequent requests.
• The domain-specific cookie contains the name of the vouch-for server, the e-community identity, a location (URL) of the vouch-for server and functionality, and a lifetime (timeout) value. The cookie contains no user or security information.
• The e-community cookie allows servers in participating domains to request vouch-for information locally. The e-community cookie for the domain where the MAS is located plays a less significant role.
• The cookie has a lifetime value set in the WebSEAL configuration file. This lifetime value specifies how long a remote server is able to provide vouch-for information for the user. When the cookie lifetime has expired, the user must be redirected to the MAS for authentication.

• If the value of the disable-ec-cookie option in the [e-community-sso] stanza is yes, then the MAS is the only server permitted to generate vouch-for tokens.
• The cookie is cleared from memory when the browser is closed. If the user logs out of a specific domain, the e-community cookie is overwritten as empty. This action effectively removes it from the browser.

Parent topic: E-community single signon concepts