How Process Commander uses HTTP cookies
Summary
A developer asks: Does Process Commander use cookies? If so, what information is stored in them and what steps are taken to prevent them from being altered?
Suggested Approach
The only cookies used in Process Commander contain a session id. No application-specific data is stored in cookies. Examples of the cookies used are shown in the images below.
The Web server sets a cookie similar to the following (from Tomcat 4.1.x):
In addition, Process Commander sets a cookie similar to the following:
The session cookie value is an MD5 (message digest) hash that serves as a session identifier.
This conveys no other information and cannot be easily guessed nor easily modified into another valid value.