QlikView Persistent AccessPoint Cookie stores user credential informationArticle Number: 000051786 | Last Modified: 2019/01/17
For more information around QlikView and Cookie usage, please refer to QlikView - Usage of cookies QlikView 12 November 2017.
By default, the persistent AccessPoint cookie stores the login name.
The example output from the Google Chrome debug tools shows that Login is followed by the domain and userID.
QlikView 12.20 (November 2017) and up
- Stop the QlikView WebServer service in the Windows Services console
- Navigate to C:\Program Files\QlikView\Server\Web Server Settings
- Locate and open QVWebServerSettingsService.exe.config in a text editor with administrative permissions
- Find the following section:
<add key="UserNameInCookie" value="true"/>
- Change true to false
- Save the configuration file
- Start the QlikView WebServer service
- Open the Internet information Service (IIS) Manager
- Open the Default Web Site (or whichever Site QlikView has been configured in)
- In the ASP.NET section open Application Settings
- Click Add... (top right corner, or right click into white space)
- Add a new Application Setting
- Click OK
- Restart the QlikView Application Pool, or reset IIS
Verify that the persistent cookie no longer stores user credentials:
Please note that the WelcomeName is not the user ID, but the name the system translates it to, and displays on the AccessPoint in the top right corner as Welcome, NameHere. This identifier is necessary, but not tied to the name. It can be changed by the user on the AccessPoint in their Favorites & Profile view.
Have a Question?
Search Qlik's Support Knowledge database or request assisted support for highly complex issues.Submit a case
Experiencing a serious issue, please contact us by phone. View phone numbers and hours by region.