Browser Cookie Independence

The system does not require or interfere with client browser cookies. Domain limited session cookies are sent by the isapi authentication filter as an additional identification mechanism, however, they are not required. Session cookies expire at the end of a browser session and are not stored on a users hard disk. The domain specific session cookie used by the isapi authentication filter consists of a single 128 bit cryptographic MD5 hash and a session identifier. The username and password are not stored in the session cookie. As a domain limited session cookie, it is returned by the browser only to the issuing domain.


Authentication Protocols
Communication Protocols
table of contents
full printable document





password protection ...
... industrial strength
distributed password protection
iis basic authentication
iis digest authentication

copyright(c) 2003
all rights reserved

design -