Hello team,
Could you pleas explain the purpose of the following cookies that we get upon authentication?
BPMLOADER
.ASPXAUTH
BPMSESSIONID
Thanks in advance!
Like
Hello Shivani,
BPMSESSIONID is a session cookie that is created in the RedisSessionStateStoreProvider. Its expiration time can be modified using the UserSessionTimeout system setting. It is not being generated when calling anonymous web-services and for all requests without session cookie a new session is generated (a separate record in SysUserSession table is created).
.ASPXAUTH cookie is generated in the AuthEngine and is also a session cookie. Its expiration date is modified using the UserSessionTimeout system setting as well.
BPMLOADER cookie is also a session cookie.
All these three cookies are required for sending all the requests in the app when working with it as described here https://academy.creatio.com/documents/technic-sdk/7-16/executing-odata-queries-using-fiddler.
Best regards,
Oscar