Cookies used by Asset Bank

What is a cookie?

A cookie is a file stored automatically on your computer by a website or web application. Proper use of cookies is to help the site function (for example to record the fact that you have 'logged in') or to make it easier for you to use the site (for example by recording your preferences).

Does Asset Bank use cookies?

Yes - Asset Bank uses one session-scoped cookie that is essential to its operation, and may use a number of optional cookies depending on how your Asset Bank has been set up.

What cookies does Asset Bank use?

Tomcat Session Cookie

Asset Bank runs on a server in an application called 'Tomcat'. Tomcat places a temporary session cookie called JSESSIONID on your computer so that Asset Bank can maintain your user session as you navigate around the site. This cookie contains no personal information - all it stores is a numeric ID that has meaning only to Tomcat for the duration of your session. The cookie has no use after the end of your session on Asset Bank.

'Remember Me' Cookie

Asset Bank can be configured to show a 'Remember Me?' checkbox on the login page. (This checkbox may be labelled something else, for example 'Log in automatically next time?' ).

If this checkbox is showing on your Asset Bank's login page, and you tick it, then Asset Bank will place a cookie called 'AssetBankUserAuth' on your computer. This cookie will be used next time you visit Asset Bank so that you can be identified and logged in automatically. The only information this cookie contains is an encrypted value representing your Asset Bank numeric user ID (not your username).

CookieTokenSSOPlugin Cookie

Asset Bank supports the use of a cookie to enable Single Sign-on (SSO), for example between an organisation's intranet and their Asset Bank. The information stored in this cookie can vary depending on how your IT team has implemented the SSO, but is likely to store encrypted details including your username. Note that most implementations of Asset Bank will not use this form of SSO and therefore won't use this cookie. If your organisation does then they are likely to make you aware of this for example on Asset Bank's login page.

Encrypted User Details Cookie

This cookie is disabled on most Asset Banks because it was developed for a specific client.

It is only enabled when user-details-cookie=true in WEB-INF/classes/ApplicationSettings.properties (the default setting is user-details-cookie=false). When the setting is enabled a cookie called 'AssetBankUserDetails' will be placed on your computer when you log in to Asset Bank. It contains your username, id, email address and name encrypted using AES.


Was this article helpful?

Yes No

Thanks for your feedback!