Conditions for using session cookies
The following basic conditions apply to session cookies:
- The session cookie contains session information only; it does not contain identity information.
- The session cookie is located only in the browser memory (it is not written to the browser cookie jar on the disk).
- The session cookie has a limited lifetime.
- The session cookie is a server-specific cookie; the browser can send this cookie in a request only to the same host where the cookie was created.
- Client browsers can be configured to either accept or reject cookies. If a client browser rejects a session cookie and then successfully logs in, WebSEAL must, for each additional request by the client, establish a new session by reauthenticating the user. With basic authentication (BA), however, WebSEAL uses the BA header information to reauthenticate the user, so the user never sees a prompt to log in again. The overhead of reauthentication and session creation can still reduce server performance.
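As an added illustration (not code from the WebSEAL documentation or product), the following Python sketch audits a Set-Cookie header against the "no identity in the cookie", "memory only" and "host-specific" conditions and enforces the "limited lifetime" condition with a server-side store; the class and function names and the cookie name PD-S-SESSION-ID are assumptions for the example.

```python
"""Added example: session cookie conditions checked in code.
Assumed names: SessionStore, audit_set_cookie, cookie name PD-S-SESSION-ID."""
import secrets
import time
from http.cookies import SimpleCookie


class SessionStore:
    """Maps an opaque session id to a server-side record.
    Identity (the user name) stays on the server; the cookie only carries the id."""

    def __init__(self, lifetime_s: float):
        self.lifetime_s = lifetime_s          # limited lifetime, enforced server-side
        self._sessions = {}                   # sid -> {"user": ..., "created": ...}

    def create(self, user: str, now: float = None) -> str:
        sid = secrets.token_urlsafe(32)       # random id, derived from nothing about the user
        self._sessions[sid] = {"user": user, "created": time.time() if now is None else now}
        return sid

    def lookup(self, sid: str, now: float = None):
        """Return the user for a live session, or None if unknown or expired."""
        now = time.time() if now is None else now
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        if now - rec["created"] > self.lifetime_s:
            del self._sessions[sid]           # expired sessions are dropped, not renewed
            return None
        return rec["user"]


def audit_set_cookie(header: str) -> list:
    """Return the conditions a Set-Cookie header value violates (empty list = compliant)."""
    jar = SimpleCookie()
    jar.load(header)                          # parses name=value plus its attributes
    problems = []
    for name, morsel in jar.items():
        # Expires or Max-Age turns a memory-only cookie into one written to the disk cookie jar.
        if morsel["expires"] or morsel["max-age"]:
            problems.append(f"{name}: Expires/Max-Age set, cookie would persist on disk")
        # A Domain attribute lets the browser send the cookie to hosts other than the issuer.
        if morsel["domain"]:
            problems.append(f"{name}: Domain attribute widens scope beyond the issuing host")
    return problems


if __name__ == "__main__":
    # Constructed sample headers, not captured from a real server.
    print(audit_set_cookie("PD-S-SESSION-ID=abc123; Path=/"))
    print(audit_set_cookie("PD-S-SESSION-ID=abc123; Path=/; Domain=.example.com; Max-Age=3600"))
```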