1. Field of the Invention
The present invention generally relates to cookies—data generated by a website and saved to a web browser. More specifically, the present invention relates to management of persistent cookies—cookies stored to a hard drive pending an expiration date—in a corporate web portal.
2. Description of the Related Art
There are presently a variety of different web services that may be made available through a corporate web portal. Accessing such web services using an end-user device may require a cookie indicative of certain authentication information (e.g., a token regarding an authentication state). Microsoft® Sharepoint services, for example, allow a user to share information and files across an enterprise. Such services generally require a cookie in order to operate and allow for editing at local applications on a user device.
A cookie is generally installed upon approval by a user of the user device. Such approval may be required before the cookie is allowed to be installed on the user device due to possible privacy or security concerns with respect to the data on and regarding the device. Such a cookie may represent a security risk, however, especially in an enterprise setting. The particular user may not be knowledgeable or otherwise equipped to make a decision that would accord with applicable enterprise security policies as to whether the persistent cookie should be installed. Moreover, the user may not correctly enable or disable the cookie thereby causing problems with accessing files or information, editing the accessed files or information, and saving such edits. Training or having to assist a user to make or deal with such decisions may be costly, time-intensive, and inefficient.
Moreover, in an enterprise setting, it is generally the information technology (IT) professional staff that is responsible for managing security policies. An enterprise may have multiple different security levels for different types of information or files, as well as different policies applicable to each. Because a cookie represents authentication information that allows access to sensitive or otherwise secure information, however, the cookie should only be installed on a device under control of the appropriate authorized end user. Further, when the device is no longer under the control of the end user (e.g., where the device is lost, stolen, sold, or hacked), a cookie that continues to persist may allow for data breaches and other security failures.
There is, therefore, a need in the art for improved systems and methods for management of persistent cookies in a corporate web portal.