[Nov 23, 2009 14:09] Web access to Microsoft Live@edu accounts now works.
The NetBadge service uses Pubcookie software. A NetBadge is a collection of HTTP cookies issued to your browser, which your browser saves in memory and automatically presents to UVa websites when necessary.
Each website that requires a NetBadge first sends you to the NetBadge login page to get proof of your identity. The first time this happens in a browser session, you must log in using your UVa computing ID and password for one of the systems listed or your personal certificate. (Learn more about certificates at our Personal Identity Certificate site.) When you log in successfully, the NetBadge service issues your browser a login cookie. The login cookie is valid for 9 hours, if you log in from anywhere on the UVa network (or via UVa-Anywhere), or for 1 hour if you log in from outside the network. Thereafter, as long as your login cookie is valid, whenever a website sends you back to the NetBadge server for authentication, your browser presents this cookie as proof that you have already logged in and you do not need to do so again. In that case, NetBadge sends you straight back to the website that directed you there. This little trip to the login page is invisible, so you may not even notice it.
When you return from the NetBadge login page to the protected website with proof of your identity, the website issues you a session cookie, which gives you usually 8 hours of access to that website without any more trips to the NetBadge login page. (Session cookies can be configured for other time limits, but 8 hours is the default.) During that time, whenever you visit the protected website, your browser presents the session cookie to identify you and you get right in. During a typical browser session you will have one login cookie, and a session cookie for each protected website that you've visited during the session.
Note that each cookie has its own expiration time. Do not expect all of your NetBadge cookies to expire at the same time. For example, suppose your login cookie only has a few minutes left until it expires and you visit a protected website for the first time during this browser session. The website issues you a session cookie that is valid for 8 hours. After a few minutes your login cookie expires. However, your browser still has login-free access to the website for almost 8 more hours because that is how much time remains on the session cookie.
There is no easy way to get rid of all of your NetBadge cookies other than to exit your Web browser completely. If you are a "power user," you might take advantage of the menu that most Web browsers provide for managing cookies. You can use the menu to delete them individually or all at once.
Why does NetBadge use session cookies at all? They are for efficiency and for fault tolerance. Without session cookies, every visit to a protected website would also require a trip to the NetBadge login page. That would place a tremendous load on the login page. Furthermore, if the login page ever went down, all access to protected websites would immediately cease. With session cookies, most visits to protected websites do not require trips to the NetBadge login page. If the login page goes down for some reason, people will still be able to access protected websites for which they have already gotten session cookies.