The cookies used in MSTR Web are the following:
- The JSESSIONID or ASP.Net_SessionId cookie is set by the JSP application server / IIS to track the user over the course of the its session and is required.
- The bSet cookie used to store various Web GUI settings such as:
- The state of the report details section (shown/hidden)
- The state of the page by axis (show/hidden)
- The state of the view filter panel (shown/hidden)
- The state of the accordion (shows report objects, all objects, notes or related reports) and the width of that control
- The state of the pivot buttons (shown/hidden)
- The state of the sort buttons (show/hidden)
- (Optional) The mstrSmgr cookie is used to store the session state on the client machine only if the "Store Strategy Intelligence Server sessions information in temporary cookies instead of on the Web server" checkbox is enabled on the Strategy Web Administrator Page > Security. Note: the option has been deprecated since version 2020 as explained in https://community.Strategy.com/s/article/Enable-Sticky-Session-in-Web-Application-Load-Balancer
- The MSTR_AUTH cookie is a secondary token which mitigates session fixation and hijacking. It serves to keep track of the Intelligence Server session.
Some additional notes:
The bSet and mstrSmgr cookie may be renamed as mstrNS_bset and mstr_mstrSmgr if you enable namespace support in cookies (this is done to maintain separate browser settings for each portlet in a portal scenario – see MSDZ for further reference). A link to the Developer Zone can be found here: https://community.strategy.com/developer-zone?language=en_US
