Qlik Sense Security: Additional information on Session Management


The Qlik Sense online Help provides information on multiple aspects of security, beginning with Qlik Sense Enterprise on Windows security. However, some questions about Session Management may remain; this article addresses them.

How are tokens generated, validated, and destroyed?

  • Generated: using .NET Guid generation (based on the RFC 4122 version 4 UUID specification).
  • Validated: against the value held in memory, taking the status of the expiry time into account.
    • Other validations are also performed to ensure the session is valid for the current user.
  • Destroyed: memory is cleared immediately after timeout or logout, so the token is nullified.
    • The session token is deleted from the current sessionId and then disposed.
    • Dispose() helps clean up the memory right away, rather than waiting for the garbage collector to clear it later.

How are tokens protected?

  • Client side: session tokens are stored in the cookie header alongside the HttpOnly and Secure flags.
  • Backend: tokens are only stored in memory and are destroyed immediately upon logout or timeout.
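
A check for the properties described above, as an added example that is not Qlik's code: it inspects a Set-Cookie header value for the HttpOnly and Secure flags and confirms the token parses as an RFC 4122 version 4 UUID. The cookie name X-Qlik-Session, the assumption that the cookie value is the bare GUID text, and the sample headers are assumptions constructed for illustration.

```python
import uuid

# Assumption: session cookie name; pass your virtual proxy's name if it differs.
COOKIE_NAME = "X-Qlik-Session"

# Constructed sample headers (not captured from a real deployment).
GOOD = "X-Qlik-Session=3f2b8c1e-9a4d-4e7b-8c2f-1d5a6b7c8e9f; Path=/; HttpOnly; Secure"
NO_FLAGS = "X-Qlik-Session=3f2b8c1e-9a4d-4e7b-8c2f-1d5a6b7c8e9f; Path=/"
NOT_V4 = "X-Qlik-Session=3f2b8c1e-9a4d-1e7b-8c2f-1d5a6b7c8e9f; Path=/; httponly; secure"


def audit_session_cookie(set_cookie, cookie_name=COOKIE_NAME):
    """Return a list of findings for one Set-Cookie header value (empty = OK)."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name, _, value = parts[0].partition("=")
    if name.strip() != cookie_name:
        return [f"not the session cookie: {name.strip()!r}"]

    # Attribute names are case-insensitive; flag attributes carry no value.
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    findings = []
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    if "secure" not in attrs:
        findings.append("missing Secure")

    # Assumption: the cookie value is the bare GUID text.
    try:
        token = uuid.UUID(value.strip())
    except ValueError:
        findings.append("token is not a UUID")
    else:
        # .version is None unless the variant bits are RFC 4122.
        if token.version != 4:
            findings.append("token is not an RFC 4122 version 4 UUID")
    return findings


if __name__ == "__main__":
    for header in (GOOD, NO_FLAGS, NOT_V4):
        print(audit_session_cookie(header) or "OK", "<-", header)
```
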


Internal Investigation ID

  • QB-3939