When a tokenholder enters a valid PASSCODE in the Web authentication prompt, the Web server gives him or her a cookie. The cookie is stored in the tokenholders Web browser and acts as an admission ticket, passing user authentication information to the server every time a SecurID-protected file or directory is encountered. As a result, the tokenholder is prompted only once for a PASSCODE during the administrator-defined period for which the cookie is valid.
Note: In
order for cookies to work, tokenholders must be using a Web
browser that supports HTML forms and Persistent Client State HTTP
Cookies. See Requirements for WebID Users for more information
about supported browsers.