Identity Cloud

Sessions and cookies

A session in AM is a token that represents a usually interactive exchange of information between AM and a user or identity.

AM creates an authentication session to track the user’s authentication progress through an authentication chain or tree. Once the user has authenticated, AM creates a session to manage the user’s or entity’s access to resources.

Sessions require the user or client to be able to hold on to cookies. Cookies provided by AM’s session are a reference to where the session is stored; the Core Token Service (CTS) token store.

AM provides a unique, pseudo-random session cookie name for each tenant. Throughout the AM documentation, the tenant session cookie name is referred to as <session-cookie-name> to denote this generated value.

  1. Open the Identity Cloud admin UI.

  2. From the Tenant menu, select Tenant Settings > Global Settings.

  3. View or copy the Cookie field value. This is used in HTTP header values in AM API requests, for example, in the OAuth 2.0 authorization grant flow.

AM session-related services are stateless unless otherwise indicated; they do not hold any session information local to the AM instances. Instead, they store session information either in the CTS token store. This architecture allows you to scale your AM infrastructure horizontally since any server in the deployment can satisfy any session’s request.

Copyright © 2010-2022 ForgeRock, all rights reserved.