{"searchBar":{"inputPlaceholder":"Search by keyword or ask a question","searchBtn":"Search","error":"Please enter a keyword to search"}}

Our Brands

{"support":{"yesButton":"yes","noButton":"no","feedback":{"title":"What can we do to improve?"},"submitButton":"Submit","successMessage":"Thank you for your feedback","title":"Was this helpful?","feedbackPercentLabel":"of people found this helpful","captcha":{"error":"Please tick the box"}}}
Search FAQs

Network Management Card 2 (NMC2) "Require Authentication Cookie"


What is the Network Management Card 2 (NMC2) "Require Authentication Cookie" option for?

Product Line
  • Network Management Card 2 (NMC2) - AP9630/AP9630CH, AP9631/AP9631CH, AP9635/AP9635CH
Devices with an embedded Network Management Card 2 include (but are not limited to): 2G Metered/Switched Rack PDUs (AP84XX, AP86XX, AP88XX, AP89XX), Certain Audio/Video Network Management Enabled products.

  • All serial numbers
  • v6.X.X firmware


"Require Authentication Cookie" is a new option in NMC2 v6.X.X firmware.


The intent of the cookie is to prevent web user interface (UI) session hijacking. It stores the unique session ID that is created when a user logs in to the web UI. (It does not contain any usernames or passwords.)

When the cookie is enabled, the user accessing the NMC2 must have the correct session ID (present in the web URL), the same remote IP address used to create the session, and the cookie present.

When the cookie is disabled or has been deleted, a user can copy and paste the same URL with session ID to a new tab in the same web browser without being required to log in. Because IP addresses can be spoofed, the cookie is a mechanism help prevent that possibility.The IP spoofer would not have the cookie and cannot log in, even though they were able to spoof the IP address or the user's original computer and somehow had obtained the unique session ID from the URL.

In summary, the URL user session ID and cookie session ID (if enabled) must match what was originally given upon logging in. With the cookie requirement off, no cookie check is done and just the remote IP must match and unique user session ID (from the URL) that is created upon log in.


Can't find what you are looking for?

Reach out to our Customer Care team to receive information on technical support, assistance for complaints and more.