Cookies in WebsydianExpress

Introduction

WebsydianExpress uses a cookie in order to support the following features:

Handling control to external applications

In many cases WebsydianExpress will be deployed in a heterogeneous environment and have to coexist with web applications developed with other tools.

Typically WebsydianExpress will link to these web applications and vice versa, and in order for WebsydianExpress not to loose information about user and session, when handling control to other web applications, the session ID is stored in a cookie, thus state will be restored once control is handed back to WebsydianExpress from the external application.

Keep state after visiting other sites

If the user leaves WebsydianExpress (without closing the browser or logging out) and visit other sites, then the state will be preserved if the user should return back to WebsydianExpress.

Reload of site

If the user reloads the site (by entering the start URL in the address bar or pressing F5 for Refresh), then WebsydianExpress would create a new session if the session was not stored in a cookie, thus the user would have to login again. With cookie support WebsydianExpress can reload the site as it was before the user refreshed thus improving the usability of WebsydianExpress.

Cookie information

The cookie written is a session cookie and has the name WSYID1[URL]. E.g. if the URL to the application is http://www.mydomain.com/express/site/basicsite, then the cookie name will be WSYID1/express20/site/basicsite. Thus WebsydianExpress will store a cookie for each site accessed (including the administration site).

The cookie value is signed, so it is not possible to manipulate with the cookie value to gain access to other users session without this being discovered by WebsydianExpress.

The WebsydianExpress cookie will be deleted in the following situations:

1. User logs out of WebsydianExpress (using the Logout business process).
2. The user session times out (because the user has not accessed the site within the session timeout interval).
3. User closes the browser (all instances of the browser must be closed; see Browsers and cookies.

Reload of site

WebsydianExpress will reload in the browser window in the following situations:

• Users refreshes the page or enters the start URL in the address bar.
• A business process sends a request to WebsydianExpress using the entry URL or HTTP URL (specified on site settings) with target set to _top.
• User returns to WebsydianExpress after browsing on other sites.

When a site is reloaded WebsydianExpress will do the following:

1. Check on the existence of the cookie.
2. If the session in the cookie is still valid use the session specified in the cookie.
3. Load the site specified by the site structure and the roles on the session with the exception that WebsydianExpress will automatically select the menu item last selected by the user (stored on the session).

Browsers and cookies

There are some differences in how different browsers handles sessions cookies.

Mozilla Firefox

When you open a new instance of Firefox (either from the Windows Start menu or using File->New Window) all cookies will be shared across these instances. This means that if you login to WebsydianExpress and then open a new browser window and enter the URL for WebsydianExpress, you will automatically be using the session from the other browser session.

Internet Explorer

When you open a new instance of Internet Explorer using File->New Window all cookies will be shared across these instances. This means that if you login to WebsydianExpress and then open a new browser window and enter the URL for WebsydianExpress, you will automatically be using the session from the other browser session.

However, if you open a new browser instance using the Windows Start menu, then this browser window will run in a separate process and not share cookies with previously opened browser instances. So if you then enter the URL for the WebsydianExpress application you will be starting a new session in WebsydianExpress.