Project Portal issues an authentication ticket as an HTTP cookie for successfully authenticated users. The browser then automatically uses the cookie to authenticate the user in subsequent operations. The cookie is only stored in the user workstation memory and not in persistent storage, and thus the cookie will only remain active as long as the user has a web browser window open. The cookie is also set to expire after 24 hours of issuance or after the user has not accessed Project Portal in 2 hours by default. An explicit log out from Project Portal will invalidate the authentication ticket, preventing it from being used any longer.
Extra attention should be paid to security when accessing organizational extranet services such as Project Portal using public computers. To prevent unauthorized access from a computer the user should log out from Project Portal and close all browser windows before leaving the workstation to the next user. Any accessed document attachment files should be manually deleted from the workstation. Please note that desktop operating systems do not usually remove deleted files in such a way that it will not be retrievable by an expert.