Qlik Sense and cookies

Sonja_Bauernfeind · Oct 16, 2020 6:24:41 AM

Qlik Sense uses cookies to maintan a connection between the client and the Qlik Sense Server. The default cookie name is X-Qlik-Session.

For instance in Chrome, cookies can be displayed using F12 developer tools:

In Google Chrome, press F12 on your keyboard
In the top menu, navigate to the Application tab
In the Storage menu on the left, select Cookies
This lists all currently saved cookies. See Fig 1

Fig 1 Fig 1

Can the cookie name be changed?

The cookie name can be changed. However, the session cookie header name must be unique for all virtual proxies used by the same proxy service.

To change the cookie name:

Open the Qlik Sense Management Console
Navigate to Virtual Proxies
Choose the Virtual Proxy you want to modify
Click Edit
In the menu on the right, ensure that Identifiation is expanded
Locate and change the Session cookie header name (See Fig 2)

Fig 2 Fig 2

nargesbrz · ‎2021-01-06

Hi @Sonja_Bauernfeind ,

I see two cookies in my cookies list and sometimes my on-demand report is failing and I have this error message "403 Connection session is null. May be related to multiple number of session cookies with identical names received "

Can you please clarify when we have "X-Qlik-Session" in Virtual Proxy then in the application cookies list should be only that one or it doenst matter?

DavidFosterVF · ‎2022-06-15

Are there any other cookies used for functionality, performance, tracking, etc?

Filippo_Nicolussi_P · ‎2023-02-23

Hi @nargesbrz

THe message sounds like a capture of what described regarding the Invalid Session Cookie Burst when the cookie is set to empty:

Handle "invalid cookie bursts" in the Qlik Sense Proxy (QPS) Service
When a multiple cookie request arrives to the Qlik Sense Proxy Service for the same user and authentication method within a small-time frame, QPS reuses the session from the first request. This behavior avoids the creation of additional sessions, and therefore prevents reaching the maximum number of allowed sessions, which would result in temporary lock of that user. See the “Managing a Qlik Sense site” section of "Known issues and limitations" for a known limitation of this change. This improvement is available in all patches listed below with the default value of 2 seconds provided corresponding setting is enabled. If you wish to enable and configure or disable it, do the following:
• Open the Proxy.exe.config, which by default is located in: "C:\Program Files\Qlik\Sense\Proxy" • To enable and configure add the string <add key="InvalidSessionRequestBurstLimit" value="00:00:02"/> in the section <appSettings> with the desired value greater than 0 • To disable without removing the flag add the string <add key="InvalidSessionRequestBurstLimit" value="00:00:00"/> in the section <appSettings> with the value of 0. QPS will fall back to previous behavior with one difference – before it would initially overwrite the existing cookie with an empty one in the first request (Set-Cookie: X-Qlik-Session=), now Set-Cookie header will not be included.
• Restart Qlik Sense Proxy Service
• Repeat these actions on each node of the cluster running the Qlik Sense Proxy Service

Ex: https://community.qlik.com/t5/Release-Notes/Qlik-Sense-Enterprise-on-Windows-Release-notes-November-...

Qlik Sense and cookies

Qlik Sense and cookies

Can the cookie name be changed?

Configuration