--- title: Cookies description: By default, the agent's single sign-on (SSO) token cookie name is iPlanetDirectoryPro. component: web-agents version: 2025.11 page_id: web-agents:user-guide:cookie-reset canonical_url: https://docs.pingidentity.com/web-agents/2025.11/user-guide/cookie-reset.html section_ids: sso-cookie-name: SSO token cookie name change_the_sso_token_cookie_name_for_an_agent: Change the SSO token cookie name for an agent change_the_sso_token_cookie_name_for_an_agent_group: Change the SSO token cookie name for an agent group cookie-reset: Cookie reset --- # Cookies ## SSO token cookie name By default, the agent's single sign-on (SSO) token [cookie name](../properties-reference/com.sun.identity.agents.config.cookie.name.html) is `iPlanetDirectoryPro`. Unless you use [Accept SSO Token](../properties-reference/com.forgerock.agents.accept.sso.token.html) mode or have enabled [Custom Login Mode](../properties-reference/org.forgerock.openam.agents.config.allow.custom.login.html), you should remove the default cookie name value from the agent. A blank value ensures the agent gets the correct cookie name from AM for authentication. You only need to set the agent's cookie name to a specific value if you use custom login mode or accept SSO token mode and want to use a cookie different from the one defined in the realm. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | | If you're using Advanced Identity Cloud, you don't need to change the agent cookie name because the agent automatically uses the Advanced Identity Cloud session cookie name for authentication. | You can change the name of the cookie for a specific agent or for an agent group in AM. ### Change the SSO token cookie name for an agent 1. In the AM admin UI, go to Realms > *Realm Name* > Applications > Agents > Web > *Agent Name*. 2. On the SSO tab, remove the default value from the Cookie Name field or enter the SSO token cookie name, if applicable. 3. Click Save Changes. ### Change the SSO token cookie name for an agent group 1. In the AM admin UI, go to Realms > *Realm Name* > Applications > Agents > Web, and select the Groups tab followed by the *Group ID*. 2. On the SSO tab, remove the default value from the Cookie Name field or enter the SSO token cookie name, if applicable. 3. Click Save Changes. ## Cookie reset Web Agent can reset cookies before redirecting the client to a login page, by issuing a Set-Cookie header to the client to reset the cookie values. Cookie reset is typically used when multiple parallel authentication mechanisms are in play with the web agent and another authentication system. The agent can reset the cookies set by the other mechanism before redirecting the client to a login page. | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | To set and reset secure or HTTP Only cookies, in addition to the cookie reset properties, set the relevant cookie option, as follows:- To reset secure cookies, set [Enable Cookie Security](../properties-reference/com.sun.identity.agents.config.cookie.secure.html) to `true`. - To reset HTTP only cookies, set [Enable HTTP Only Mode](../properties-reference/com.sun.identity.cookie.httponly.html) to `true`. | If you have enabled attribute fetching by using cookies to retrieve user data, it is good practice to use cookie reset, which will reset the cookies when accessing an enforced URL without a valid session.