Capability Cookie Format Changed

The format of the capability cookie has been changed to reduce the size of the cookie value.

The capability cookie is used to store the set of global capabilities granted to the session during logon. The cookie does not store object capabilities.

The cookie value is now determined by assigning each capability a specific bit in a bit array. Bits are assigned right to left, starting with bit 0. The bit for a capability is assigned the value 1 if the user has the global capability, and 0 otherwise.

The bit array is converted to an array of 32-bit unsigned integer values, which are then hex encoded, with leading zeroes removed. The resulting words are concatenated and separated by semicolons (;). The resulting string is then signed to allow IBM Cognos 8 software to detect tampering.

The bit index for each capability is documented with the bibus » userCapabilityEnum enumeration set.
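The encoding described above, as an added Python example that is not IBM Cognos code; it builds and parses only the unsigned payload, because the page does not describe the signature. Assumptions not stated on the page: the word holding bits 0 to 31 is written first, an all-zero word is written as `0`, hex digits are lowercase, and the bit indexes used are constructed rather than taken from userCapabilityEnum.

```python
WORD_BITS = 32
HEX_DIGITS = set("0123456789abcdefABCDEF")


def encode_capabilities(bit_indexes):
    """Return the unsigned payload for a set of capability bit indexes."""
    bits = 0
    for index in bit_indexes:
        if index < 0:
            raise ValueError("bit index must be non-negative")
        bits |= 1 << index  # bit 0 is the rightmost bit of the array
    words = []
    while True:
        words.append(bits & 0xFFFFFFFF)  # next 32-bit unsigned word
        bits >>= WORD_BITS
        if not bits:
            break
    # format(w, "x") gives hex without leading zeroes (assumed: lowercase,
    # and "0" for an empty word).
    return ";".join(format(w, "x") for w in words)


def decode_capabilities(payload):
    """Parse a payload into the set of granted bit indexes.

    Rejects empty words, words wider than 32 bits and non-hex characters.
    Only meaningful after the signature over the string has been verified.
    """
    granted = set()
    for n, word in enumerate(payload.split(";")):
        if not word or len(word) > 8 or not set(word) <= HEX_DIGITS:
            raise ValueError(f"malformed word {n}: {word!r}")
        value = int(word, 16)
        for b in range(WORD_BITS):
            if (value >> b) & 1:
                granted.add(n * WORD_BITS + b)  # assumed: word n holds bits 32n..32n+31
    return granted


if __name__ == "__main__":
    sample = {0, 3, 33}  # constructed bit indexes
    payload = encode_capabilities(sample)
    print(payload, sorted(decode_capabilities(payload)))
```
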

This change affects: