Administering the Community / Jive Security
Parent topic: Jive Security

Jive and Cookies

Jive uses HTTP cookies in several places in the application to provide a better user experience.

Jive does not set third-party cookies as part of the core product offering; however, it is possible for you to configure the application so that third-party cookies are set. For example, you can configure the application to use a Web-tracking tool such as Google Analytics or WebTrends, each of whom may set a third-party cookie. To see a list of those cookies that may be set, be sure to read Other Cookies.

Jive does not set the "domain" attribute of an HTTP cookie.

Out of the box, Jive is configured to send only allowed, secure cookies. If your installation is not using secure cookies for some reason, see Setting Up Secure Cookies.

All Jive cookies that are set by the server (not via the client or browser) have the HttpOnly flag.

Jive sets the following cookies.
Note: Except where noted, none of the following cookies contains user-identifiable information. This behavior meets European Union privacy laws.
anonymous
Used only by the Gamification module. Tracks if the user is authenticated or not.
  • Possible values: true or false.
  • Expiration: one year.
  • Encryption: none.
  • Example: anonymous="false"
BIGipServer
Cookies prefixed with BIGipServer help to efficiently route internal traffic, and contain encoded addresses of internal Jive servers. These addresses are strictly internal, and cannot be used to connect to internal servers from the Internet. Altering the values of the cookie will not have any effect. For more information about these cookies, see the article Overview of BIG-IP persistence cookie encoding on the F5 Support site.
clickedFolder
This cookie is used in the Admin Console to persist the open/closed status of the current folder as used in various tree-view portions of the Admin Console.
  • Possible values: string, true, or false.
  • Expiration: at session end.
  • Encryption: none.
  • Example: clickedFolder="true"
highlightedTreeviewLink
This cookie is used in the Admin Console to persist the current folder as used in various tree-view portions of the Admin Console.
  • Possible values: integer, the DOM ID of the clicked folder.
  • Expiration: at session end.
  • Encryption: none.
  • Example: highlightedTreeviewLink="23"
jive-cookie
This cookie is used in the Admin Console to temporarily persist an encrypted username/password when creating a bridge between two sites. The information in the cookie is first encrypted with AES/256 encryption and then Base64 encoded.
  • Possible values: string, Base64 encoded, encrypted username/password of remote site.
  • Expiration: at session end.
  • Encryption: yes.
  • Example: jive-cookie="YWFyb246MTMxNTU4MjUzNTI3MDoyZDUyODNmZjhhNjExZTdlMTcyMGZhYjVhNWNkNjI0Yg"
jive_default_editor_mode
This cookie is used on the front-end for guest/anonymous users who choose to use an editor mode other than the default editor mode.
  • Possible values: string, advanced.
  • Expiration: 30 days.
  • Encryption: none.
  • Example: jive_default_editor_mode="advanced"
jiveLocale
This cookie is used on the front-end for guest/anonymous users who choose a locale setting.
  • Possible values: string, locale code.
  • Expiration: 30 days.
  • Encryption: none.
  • Example: jiveLocale="en_US"
jive.login.ts
Stores the time stamp of the user's last login.
  • Possible values: epoch time in ms
  • Expiration: at session end.
  • Encryption: none.
  • Example: 1387387736841
jive.mobile.redirect
This cookie retains the user's selection for opening content in the Jive Mobile Web app or the Jive Native App when using a mobile device. Currently supported for iOS devices only.
  • Possible values: WEB, NATIVE.
  • Expiration: one month.
  • Encryption: none.
jiveRegularLoginUserCookie
This cookie is used to auto-redirect the login screen to the built-in authentication page (if the value exists and is set).
  • Possible values: true.
  • Expiration: one month.
  • Encryption: none.
jive.saml.passive.tried
This cookie is used to mark when SAML passive authentication has already been attempted.
  • Possible values: true.
  • Expiration: 3600 seconds (one hour).
  • Encryption: none.
  • Example: jive.saml.passive.tried="true"
jive.security.context
This cookie is the authentication context for the user.
  • Possible values: the user's encrypted security context.
  • Expiration: 30 minutes unless refreshed. Same as the standard servlet container session timeout.
  • Encryption: AES 256.
  • Example: jive.security.context="SdRw2i/HXoh1+LwTBLFy3Q==.MzA3OQ=="
jive.server.info
This cookie is used on the front-end in combination with Content Distribution Networks (CDN) like Akamai to associate the user with a specific server (also known as "session affinity").
  • Possible values: string, a combination of the serverName, serverPort, contextPath, localName, localPort, and localAddr.
  • Expiration: at session end.
  • Encryption: none.
  • Example: jive.server.info="serverName=community.example.com:serverPort=443:contextPath= :localName=localhost.localdomain:localPort=9001:localAddr=127.0.0.1"
jiveSSOLoginUserCookie
This cookie is used to auto-redirect the SSO screen to the built-in authentication page (if the value exists and is set).
  • Possible values: true.
  • Expiration: one month.
  • Encryption: none.
jiveTimeZoneID
This cookie is used on the front-end for guest/anonymous users who choose a timezone setting.
  • Possible values: string, timezone ID.
  • Expiration: 30 days.
  • Example: jiveTimeZoneID="234"
jive.user.loggedin
This cookie is used on the front-end in combination with Content Distribution Networks (CDN) to denote the status of the current request.
  • Possible values: string, true if the current request originates from a browser where the user is logged in.
  • Expiration: at session end.
  • Encryption: none.
  • Example: jive.user.loggedin="true"
jive_wysiwygtext_height
This cookie is used on the front-end to persist the height of the editor window across sessions.
  • Possible values: integer, the height in pixels of the editor after the user chooses to expand the editor window.
  • Expiration: one year.
  • Example: jive_wysiwygtext_height="500"
JSESSIONID
This cookie is used on the front-end and the Admin Console to identify a session. It is part of the Java Servlet specification.
  • Possible values: string, the unique token generated by Apache Tomcat.
  • Expiration: at session end.
  • Encryption: none.
  • Example: JSESSIONID="1315409220832msB9E3A98AA1F2005E61FA975963FA4D12.node01"
linkedin_oauth_
This cookie is used to communicate and authenticate with LinkedIn.
place_info
This cookie is used to temporarily store the tile configuration information when a user is configuring a tile that integrates with a third-party system, such as Salesforce. After the user clicks Save in the place template editing interface, the cookie is destroyed.
  • Expiration: after place template changes are saved.
  • Encryption: none.
  • Example: place_info="placetype%3A700%26placeid%3A5758"
skin.palette.preview
This cookie is used to preview the site with an unpublished template.
  • Possible values: ID (long value) of the template.
  • Expiration: long lived. 30 days.
  • Encryption: none.
  • Example: skin.palette.preview="1001"
SPRING_SECURITY_REMEMBER_ME_COOKIE
This cookie is used on the front-end as part of the security authentication process to denote whether or not the user wants to have their credentials persist across sessions. It is part of the Spring Security specification; details are available here.
  • Possible values: string, the Base64 encoded username and expiration time combined with an MD5 hex hash of the username, password, expiration time, and private key.
  • Expiration: defaults to 14 days.
  • Encryption: none. This is an MD5 hex hash.
  • Example: SPRING_SECURITY_REMEMBER_ME_COOKIE="YWFyb246MTMxNTU4MjUzNTI3MDoyZDUyODNmZjhhNjExZTdlMTcyMGZhYjVhNWNkNjI0Yg"
Parent topic: Jive Security

Powered by Jive Software
© 1999-2018 Jive Software. All rights reserved. Follow us on Twitter @JiveSoftware