Symantec Access Management

  • Private Community

  • 1.  Can I set a persistent cookie?

    Posted Feb 03, 2015 06:01 PM

    Hi,

     

    I am using Siteminder 12.5.  In my setup, when a user logs in, we set a number of custom session cookies.  We would like to set one persistent cookie.  This cookie would be used by our web analytics tool for page view tracking.  If a user logs out of Siteminder, restarts the browser, etc, we want this one cookie to remain.  We want our web analytics tool to continue tracking the user after they have logged out from Siteminder.

     

    Is there a way to have Siteminder set one custom cookie that persists and still have the other cookies remain session cookies?

     

    thank you

     

    chad



  • 2.  Re: Can I set a persistent cookie?

    Posted Feb 05, 2015 09:01 AM

    Could you inject some javascript code in your application which sets the persistent cookie?



  • 3.  Re: Can I set a persistent cookie?

    Posted Feb 05, 2015 11:03 AM

    Chad

     

    By Persistent do you mean Cookie on Users Browser OR also on Users Drive.

     

    You could set a HTTP_COOKIE (on User's Browser) response using siteminder responses as part of successful authentication event (OnAuthAccept). As long as the User's browser is open, even if he logs out from SiteMinder (SiteMinder session cookie are killed); the Response Cookie would be present. However if he closes the browser, then I guess that cookie is lost.

     

    You can name this cookie and set any value you'd like (either Static or UserAttribute from UserStore).

     

    Remember this Cookie would be a persistent cookie which is set using responses. Hence make sure you are not exposing any identity threats by setting values that could compromise. There are also way / tricks to reset the Cookie Value (e.g. just before logout OR on accessing a particular resource protected by SiteMinder). But these are solution designs and care should be taken whilst doing these custom solutions.

     

    Hubert



  • 4.  Re: Can I set a persistent cookie?

    Posted Feb 05, 2015 11:28 AM

    By persistent, I mean I want to the cookie to expire in a future date (ie  1/1/2027) and not get lost when the browser is closed.

     

    This cookie would not expose any data that could compromise the user.

     

    The problem is I don't see how to set the cookie expiration date for just one cookie.



  • 5.  Re: Can I set a persistent cookie?
    Best Answer

    Posted Feb 05, 2015 12:07 PM

    I think I figured it out.  In the Advanced section of the Response attribute setup, I added the cookie's expire date.  That seems to carry over.  Now for this one cookie the expiration date is set to 1/5/25 and it stays even when I close/restart the browser.  The other Siteminder cookies get lost when I restart the browser (which is what I want).

     

    Can anyone see any reason I shouldn't go this route?

    thanks

    chad

     

    Siteminder_setup.jpgSiteminder_session_cookie.jpg



  • 6.  Re: Can I set a persistent cookie?

    Posted Feb 05, 2015 03:41 PM

    I don't see any reason why not; unless the data for which the cookie is going to be used has sensitive information OR the cookie itself has sensitive information. If the security side is evaluated this looks good to go.

     

    Regards

     

    Hubert