000024621 - What are cookieless sessions and URL rewriting in RSA ClearTrust?

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000024621
Applies ToRSA ClearTrust 5.5.3 Authorization Server (AServer)
Microsoft Visual Studio .NET
IssueWhat are cookieless sessions and URL rewriting in RSA ClearTrust?
Can RSA ClearTrust protect URLs in the format http://yourserver/folder/(session ID here)/default.aspx?
CauseCookieless sessions in .NET is Microsoft's URL rewriting method for session mapping. RSA ClearTrust depends on cookies for authentication, so it is not practical to use both methods together. For more information on cookieless session management, see the MSDN article at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnaspp/html/cookieless.asp
ResolutionRSA ClearTrust cannot protect URLs that use Microsoft's cookieless session URLs because the URL name changes with each page. You can only protect at the root of the web server in this instance.
Legacy Article IDa27312

Attachments

    Outcomes