What is a cookie?
Yes - Asset Bank uses one session-scoped cookie that is essential to its operation, and may use a number of optional cookies depending on how your Asset Bank has been set up.
What cookies does Asset Bank use?
Tomcat Session Cookie
Asset Bank runs on a server in an application called 'Tomcat'. Tomcat places a temporary session cookie called JSESSIONID on your computer so that Asset Bank can maintain your user session as you navigate around the site. This cookie contains no personal information - all it stores is a numeric ID that has meaning only to Tomcat for the duration of your session. The cookie has no use after the end of your session on Asset Bank.
'Remember Me' Cookie
Asset Bank can be configured to show a 'Remember Me?' checkbox on the login page. (This checkbox may be labelled something else, for example 'Log in automatically next time?' ).
If this checkbox is showing on your Asset Bank's login page, and you tick it, then Asset Bank will place a cookie called 'AssetBankUserAuth' on your computer. This cookie will be used next time you visit Asset Bank so that you can be identified and logged in automatically. The only information this cookie contains is an encrypted value representing your Asset Bank numeric user ID (not your username).
Asset Bank supports the use of a cookie to enable Single Sign-on (SSO), for example between an organisation's intranet and their Asset Bank. The information stored in this cookie can vary depending on how your IT team has implemented the SSO, but is likely to store encrypted details including your username. Note that most implementations of Asset Bank will not use this form of SSO and therefore won't use this cookie. If your organisation does then they are likely to make you aware of this for example on Asset Bank's login page.
Encrypted User Details Cookie
This cookie is disabled on most Asset Banks because it was developed for a specific client.
It is only enabled when user-details-cookie=true in WEB-INF/classes/ApplicationSettings.properties (the default setting is user-details-cookie=false). When the setting is enabled a cookie called 'AssetBankUserDetails' will be placed on your computer when you log in to Asset Bank. It contains your username, id, email address and name encrypted using AES.
This cookie is disabled by default and is only activated if requested by a client along with their Google Analytics credentials. Information about user of the system would then be available to the client in order to perform additional analytics.