| Everything Oracle | Home | Everything Oracle |
 |
Understanding | OBIEE | Cookies | ||||
| OBIEE Cookies and their Properties | |||||||
| Introduction |
Like all web based applications OBIEE makes use of cookies. The Presentation Services sends cookies to the Web browser to be stored in the cookie cache. And the Web browser, in turn, sends these cookies back to the Presentation Services to identify users and their sessions.
In this article, we’ll have a look “under the bonnet” and examine the various OBIEE cookies, their properties, and how these properties are set.
| Defining Cookies |
All non-default settings for cookie names and their properties are made in XML file:
<OracleBI Data>\web\config\instanceconfig.xml
Within this file properties should be set within the “ServerInstance” node.
| Cookie Names |
OBIEE makes use of three cookies:
| XML Tag | Default Value |
| UsernameCookieName | sawU |
| PasswordCookieName | sawP |
| SessionIDCookieName | nQuireID |
A pair of cookies, with tag names “UsernameCookieName” and “PasswordCookieName”, is used to store the user name and the hash of the user password (under appropriate circumstances). By default, the names of these cookies are “sawU” and “sawP” respectively.
A cookie, with tag name “SessionIDCookieName”, is used to uniquely identify the user’s session to the Presentation Services. By default, its name is “nQuireID” – a name that betrays the origins of OBIEE prior to its acquisition by Siebel Systems. OBIEE Javascript functions makes use of the last ten characters of “nQuireID” as an internal session identifier.
We can use the “document.cookie” object to write out the list of OBIEE cookies to the screen using a Javascript call from within a dashboard text object:
Javascript to list OBIEE Cookies
The screen output:
List of OBIEE Cookies
lists the three cookies and their values (plus another non-OBIEE cookie, the Java session identifier). As you can see from the report, the value of “sawU” equals that of the user name, while “sawP” has no value at present (see the discussion on the “AllowRememberPassword” tag below for more details).
Referencing object “document.cookie” takes cookie name-value pairs from memory. But cookies are also written to a disk file. The location of this disk file will vary with browser model and version. In the case of MSIE, cookies are stored in directory:
C:\Documents and Settings\<user name>\Cookies
in a file with a format:
<user name>@<server>[<n>].txt
If we edit this file (using “Wordpad” rather than “Notepad” in order to see the line breaks) we get:
Cookie Cache File
This file contains the “sawU” and “sawP” cookies. In addition to the cookie names and their values it contains the cookie server domain, “hp/”, and the cookie path within the server, “analytics/”. The encoded values for the cookie expiry dates are also shown.
Note that the “nQuireID” and “JSESSIONID” cookies are only stored in memory, and are not written to disk.
If we add the following lines to file “instanceconfig.xml”:
<UsernameCookieName>UserName</UsernameCookieName>
<PasswordCookieName>Password</PasswordCookieName>
<SessionIDCookieName>SessionIdentifier</SessionIDCookieName>
then when we reboot the Presentation Services server the dashboard request:
Cookie List with User Specified Names
and the cookie file:
Cookie Cache File with User Specified Names
reflect the changed cookie names.
| Cookie Properties |
The properties of the OBIEE cookies can be changed from their default values by setting the relevant XML tag pairs within file “instanceconfig.xml”:
| XML Tag | Default Value |
| CookieLifetimeMinutes | Infinite |
| SecureCookieLifetimeMinutes | Infinite |
| CookiePath | analytics/ |
| CookieDomain | <server> |
| Secure | FALSE |
| PersistCookies | TRUE |
| AllowRememberPassword | FALSE |
Cookie Lifetime
The two “Lifetime” parameters specify the amount of time that elapses before the cookies expire. For example, if we enter:
<CookieLifetimeMinutes>1</CookieLifetimeMinutes>
within file “instanceconfig.xml” and reboot the Presentation Services server, then the dashboard request will first return:
Cookie List on Logon
but a minute later it will return:
Cookie List after Cookie Expiration
Note that only the “sawU” and “sawP” cookies are no longer displayed by the Javascript call; the “nQuireID” and “JSESSIONID” cookies are still displayed. But even though the “sawU” and “sawP” cookies are not displayed on the screen they are not deleted from the cookie cache file on disk.
Cookie Path and Domain
The cookie domain, “hp/” in this case, is that of the OBIEE server. The cookie path, “analytics/” specifies for which browser requests the cookies will be sent to the server.
Secure
If the “secure” tag is set to “TRUE” then the cookies will only be sent to a secure server – one that uses the “https” protocol.
Cookie Persistence
If the “PersistCookies” tag is set to “FALSE” then the “SawU” and “SawP” cookies are not available through calls to “document.cookie” and they are not stored on disk. Nor is it possible to use Javascript to write custom cookies to disk with this setting.
Remember Password
As we have seen above, by default the hash of the user’s password is not written to disk. However, if we add the tag pair:
<AllowRememberPassword>TRUE</ AllowRememberPassword>
to file “instanceconfig.xml” and reboot the Presentation Services server then a “Remember my ID and password” check box is added to the OBIEE logon screen. If this box is checked:
Logon Screen with Remember Password Checkbox
then the hash of the user’s password is stored on disk:
Cookie Cache File with Password Hash
and it can also be retrieved using “document.cookie”:
Cookie List with Password Hash
| Everything Oracle | Home | Everything Oracle |
Copyright © 2009 PWG Consulting, All Rights Reserved