QlikView Persistent AccessPoint Cookie stores user credential information

QlikView utilizes cookies to handle AccessPoint sessions.  One of the persistent cookies used, stores user credential information.

For more information around QlikView and Cookie usage, please refer to QlikView - Usage of cookies QlikView 12 November 2017.

By default, the persistent AccessPoint cookie stores the login name.

The example output from the Google Chrome debug tools shows that Login is followed by the domain and userID.
 
 

QlikView has introduced a setting that can be enabled to remove the user credentials: <add key="UserNameInCookie" value="false"/> This setting is only available from version 12.00 and up.  

 

QlikView WebServer

• Stop the QlikView WebServer service in the Windows Services console
• Navigate to C:\Program Files\QlikView\Server\Web Server Settings
• Locate and open QVWebServerSettingsService.exe.config in a text editor with administrative permissions
• Find the following section: 

• Change true to false
• Save the configuration file
• Start the QlikView WebServer service

 

QlikView IIS

• Open the Internet information Service (IIS) Manager
• Open the Default Web Site (or whichever Site QlikView has been configured in)
• In the ASP.NET section open Application Settings

 

• Click Add... (top right corner, or right click into white space)
• Add a new Application Setting

 

• Click OK
• Restart the QlikView Application Pool, or reset IIS

Verify that the persistent cookie no longer stores user credentials:
 

Please note that the WelcomeName is not the user ID, but the name the system translates it to, and displays on the AccessPoint in the top right corner as Welcome, NameHere.  This identifier is necessary, but not tied to the name. It can be changed by the user on the AccessPoint in their Favorites & Profile view.