HTTP Cookies
Spotfire Server can set the following HTTP cookies on Spotfire Analyst clients that connect over the public HTTP port (default 80/433).
The `Secure` attribute is set only if the connection is HTTPS, not HTTP. To protect against cross-site request forgery (CSRF) attacks, Spotfire does not rely on using the `SameSite` attribute on cookies.

Name | Description | Comment |
---|---|---|
`JSESSIONID` | Session cookie for Spotfire Server. | HttpOnly attribute is set. |
`SF_REMEMBER_ME` | Cookies used for the persistent sessions ("remember me") feature. | HttpOnly attribute is set. See config-persistent-sessions. |
`XSRF-TOKEN` | Holds CSRF token. | HttpOnly is not set. A cookie that holds a CSRF token is passed to JavaScript using a cookie value. This behavior is intended. |
`zoneCheck` | Cookie the JavaScript API uses for identifying browser incompatibilities with Spotfire. | HttpOnly is not set. It is not needed, because it is used by client-side JavaScript code and does not contain sensitive information. |
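
The following is an added example, not part of the Spotfire documentation: a Python check that compares captured `Set-Cookie` header values against the attribute states listed in the table above. The header values are constructed samples, and `parse_set_cookie` and `audit` are hypothetical helper names.

```python
# Expected HttpOnly state per cookie, taken from the table on this page.
EXPECTED_HTTPONLY = {
    "JSESSIONID": True,
    "SF_REMEMBER_ME": True,
    "XSRF-TOKEN": False,  # read by JavaScript; documented as intended
    "zoneCheck": False,   # used by client-side JavaScript code
}


def parse_set_cookie(header_value):
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit(set_cookie_values, https):
    """List deviations from the documented cookie attributes.

    https: True if the response was received over HTTPS. The page states
    that Secure is set only on HTTPS connections.
    """
    findings = []
    for value in set_cookie_values:
        name, attrs = parse_set_cookie(value)
        if name not in EXPECTED_HTTPONLY:
            findings.append((name, "cookie not listed in the documentation table"))
            continue
        if ("httponly" in attrs) != EXPECTED_HTTPONLY[name]:
            findings.append((name, "HttpOnly differs from documented state"))
        if ("secure" in attrs) != https:
            reason = "Secure missing on HTTPS" if https else "Secure set on HTTP"
            findings.append((name, reason))
    return findings


# Constructed sample: Set-Cookie values as they might be captured over HTTPS.
SAMPLE_HTTPS = [
    "JSESSIONID=abc123; Path=/; Secure; HttpOnly",
    "XSRF-TOKEN=tok456; Path=/; Secure",
    "SF_REMEMBER_ME=xyz789; Path=/; Max-Age=604800; Secure",  # HttpOnly absent
]

if __name__ == "__main__":
    for cookie, problem in audit(SAMPLE_HTTPS, https=True):
        print(f"{cookie}: {problem}")
```
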