Does Encryption Management Server Web Email Protection use cookies?
Article ID: 158070
Updated On:
Products
Issue/Introduction
Encryption Management Server Web Email Protection uses cookies. This article describes the cookies that are used.
Currently it is for each organization using Web Email Protection to determine whether they believe Web Email Protection is exempt from, for example, the EU Privacy and Electronic Communications Directive under the provisions of Article 29 Working Party opinion 04/2012. This opinion clarifies that some usage of session-ID cookies, multimedia cookies and user interface customisation cookies are exempt.
Environment
Encryption Management Server 3.4.1 and above running Web Email Protection.
Resolution
As soon as a user opens the Web Email Protection home page (https://keys.example.com in this case), a cookie with the name JESSIONID is downloaded with the following attributes. The data in the Values row will change for each session:
| Name: | JSESSIONID |
| Value: | 26CCA32418BF368D0E846222E7898DDA |
| Domain: | keys.example.com |
| Path: | /b |
| Flags: | secure, httpOnly |
| Expiry date: | At end of session |
When the user successfully logs into their Web Email Protection account an additional cookie is downloaded with the following attributes. The data in the Values row will change for each session:
| Name: | currentUser |
| Value: | 0ff4dc47-362b-4bbd-aaa7-ed4730197ecc |
| Domain: | keys.example.com |
| Path: | /b/ |
| Flags: | secure |
| Expiry date: | At end of session |
When the user logs out of their Web Email Protection account they are returned to the Web Email Protection home page. The currentUser cookie is deleted at this point.
The JSESSIONID cookie is deleted when the user closes the browser. It may be deleted when the user closes the tab depending on which browser they use and how it is configured.
Feedback
