V8.7 and later
Starting with Cora SeQuence V8.7, user data is stored using a session authentication module that can be controlled by a new Session element in the
Using ASP.NET Session State object for user authentication persistence, referred to as
AuthenticatedUser, is no longer supported.
The ASP.NET session state is disabled by default in Flowtime installations, but it is still available in Administration installations to support backward compatibility.
Cora SeQuence session configuration
Cora SeQuence uses a cookie to store users’ state between requests. You can configure the
web.config file to control the usage and attributes of the cookie.
Just like with earlier versions of Cora SeQuence, cookies must be enabled on the client browser to ensure that the Administration and Flowtime sites function properly.
Cora SeQuence generates a unique session cookie name for each site, Administration and Flowtime.
The following table describes the attributes that you can configure for Cora SeQuence session.
Configuration is optional.
|enabled||Specifies if the Cora SeQuence session is used or not.|
This property is defined in two locations in the
|lifetime||Specifies the time period, in minutes, after which the session authentication cookie expires. Same behavior as in ASP .NET session cookie.|
Default value: "20"
|sessionCookiePath||Standard browser cookie property.|
Restricts the cookie to a specific path.
Default value: ”/”
|maxLifetime||Specifies the time period, in minutes, for maximum cookie expiration.|
Default value: "1440"
|sessionCookieSecure||Standard browser cookie property.|
If set to “true”, specifies that the cookie is sent with the client’s request only over a secure connection (SSL).
Default value: "false"
Note: After initial installation, if you have configured the Cora SeQuence web application to work with HTTPS, you need to change the configuration to send the session cookie using secure connection only.
|sessionCookieName||Standard browser cookie property.|
Contains the prefix of the unique cookie name as it appears in the browser.
The unique name is generated dynamically in runtime for each application, and cannot be controlled in the
Default value: "SQSession"
Note: The default value is SQSession even if not set in the
|sessionCookieDomain||Standard browser cookie property.|
Specifies the cookie domain.
Default value: ""
- If you used the ASP.NET
session state to store and retrieve any data in your Flowtime custom implementation, when you upgrade to V8.7, you need to enable the ASP.NET session state in the
- In future versions of Cora SeQuence, the ASP.NET session state will be disabled by default in Administration installations too.