Authentication

Kronodoc issues an authentication ticket as an HTTP cookie for successfully authenticated users. The browser then automatically uses the cookie to authenticate the user in subsequent operations. The cookie is only stored in the user workstation memory and not in persistent storage, and thus the cookie will only remain active as long as the user has a web browser window open. The cookie is also set to expire after 24 hours of issuance or after the user has not accessed Kronodoc in 2 hours by default. An explicit log out from Kronodoc will invalidate the authentication ticket, preventing it from being used any longer.

Extra attention should be paid to security when accessing organizational extranet services such as Kronodoc using public computers. To prevent unauthorized access from a computer the user should log out from Kronodoc and close all browser windows before leaving the workstation to the next user. Any accessed document attachment files should be manually deleted from the workstation. Please note that desktop operating systems do not usually remove deleted files in such a way that it will not be retrievable by an expert.