Friday, August 29, 2008

What Does the ObSSOCookie Contain?

Access Server generates a session token with a URL that contains the ObSSOCookie. Single sign-on works when the cookie is used for subsequent authorizations in lieu of prompting the user to supply authorization credentials. When the cookie is generated, part of the cookie is used as an encrypted session token.

The encrypted session token contains the following information:

• The distinguished name (DN) of the authenticated user
• The level of the authentication scheme that authenticated the user
• The IP address of the client to which the cookie was issued
• The time the cookie was originally issued
• The time the cookie was last updated

If the user has not been idle, the cookie is updated at a fixed interval to prevent the session from timing out. The update interval is one-fourth of the length of the idle session timeout parameter.
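A small model of how the issue time, last-update time and client IP in the session token could drive per-request decisions, added here as an illustration and not Oracle's code. The `SessionToken` class, the `evaluate` and `replay` functions, the IP-mismatch rejection and the decision names are assumptions; only the field list and the one-fourth refresh interval come from the text above.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class SessionToken:
    """Fields the page lists inside the encrypted session token."""
    user_dn: str
    auth_level: int
    client_ip: str
    issued_at: int      # epoch seconds, never changes
    last_updated: int   # epoch seconds, moved forward on refresh


def evaluate(token, request_ip, now, idle_timeout):
    """Return (decision, token) for one request.

    Assumed policy (not taken from the product): reject on client IP
    mismatch, expire when idle longer than idle_timeout, and re-issue
    once a quarter of idle_timeout has passed since the last update.
    """
    if request_ip != token.client_ip:
        return "reject_ip_mismatch", token
    idle = now - token.last_updated
    if idle > idle_timeout:
        return "expired_reauthenticate", token
    if idle >= idle_timeout / 4:
        return "refreshed", replace(token, last_updated=now)
    return "valid", token


def replay(token, requests, idle_timeout):
    """Run a list of (time, ip) requests and collect the decisions."""
    decisions = []
    for now, ip in requests:
        decision, token = evaluate(token, ip, now, idle_timeout)
        decisions.append(decision)
    return decisions, token


# Constructed sample: 3600 s idle timeout, so the refresh interval is 900 s.
SAMPLE = SessionToken("cn=jdoe,ou=people,dc=example,dc=com", 2, "192.0.2.10", 0, 0)
REQUESTS = [(300, "192.0.2.10"), (1000, "192.0.2.10"), (1500, "192.0.2.10"),
            (1600, "198.51.100.7"), (5000, "192.0.2.10")]

if __name__ == "__main__":
    for (t, ip), d in zip(REQUESTS, replay(SAMPLE, REQUESTS, 3600)[0]):
        print(t, ip, d)
```

Because the refresh only happens on a request, the last request at 5000 s is measured against the update at 1000 s and the session expires even though the cookie had been refreshed once.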

Unencrypted ObSSOCookie data includes:

• Cookie expiry time
• The domain in which the cookie is valid
• An optional flag that determines if the cookie can only be sent via SSL
