Does Encryption Management Server Web Email Protection use cookies?

book

Article ID: 158070

calendar_today

Updated On:

Products

Encryption Management Server Gateway Email Encryption

Issue/Introduction

Encryption Management Server Web Email Protection uses cookies. This article describes the cookies that are used.

Currently it is for each organization using Web Email Protection to determine whether they believe Web Email Protection is exempt from, for example, the EU Privacy and Electronic Communications Directive under the provisions of Article 29 Working Party opinion 04/2012. This opinion clarifies that some usage of session-ID cookies, multimedia cookies and user interface customisation cookies are exempt.

Environment

Encryption Management Server 3.4.1 and above running Web Email Protection.

Resolution

As soon as a user opens the Web Email Protection home page (https://keys.example.com in this case), a cookie with the name JESSIONID is downloaded with the following attributes. The data in the Values row will change for each session:

Name: JSESSIONID
Value: 26CCA32418BF368D0E846222E7898DDA
Domain: keys.example.com
Path: /b
Flags: secure, httpOnly
Expiry date: At end of session

 

When the user successfully logs into their Web Email Protection account an additional cookie is downloaded with the following attributes. The data in the Values row will change for each session:

Name: currentUser
Value: 0ff4dc47-362b-4bbd-aaa7-ed4730197ecc
Domain: keys.example.com
Path: /b/
Flags: secure
Expiry date: At end of session

When the user logs out of their Web Email Protection account they are returned to the Web Email Protection home page. The currentUser cookie is deleted at this point.

The JSESSIONID cookie is deleted when the user closes the browser. It may be deleted when the user closes the tab depending on which browser they use and how it is configured.