8 Additional Features

8.1 Cookie Storage

Many intranet applications make use of 'cookies' for storage of user-specific information. Information such as:

Personal Information
Site Preferences
Default Selections
Previous Query Results
Security and Login Credentials
Login Session Keys

The above information stored in cookies may be both private and confidential, or useful to the user. This information may be placed into cookies and stored in the users web browser cache on untrusted machines, either temporarily or for an extended period. To prevent this information from being stored in the untrusted web browser environment, and to prevent settings such as preferences being lost each time a user changes from one browser to another, the awayWEB intercepts all cookies from intranet sites, stores them only in the awayWEB system. Therefore none of this information is ever sent to the browser.

As a user browses the intranet, appropriate cookies are re-attached to each request and passed back to the relevant intranet systems, allowing the preferences and credentials to be seamlessly retained between sessions.

This storage system also provides an additional security benefit. Cookies which have security significance, or are trusted by un-secured intranet applications, are never sent to or accepted from the client system. This prevents these cookies from being manipulated or misused by the end user, a common method of web site intrusions.s

8.2 Dynamic gzip Compression

The awayWEB system provides dynamic compression of web content passing through the server. All suitable content (HTML, Word documents, Text files etc.) can be automatically compressed to between 2 and 10 times smaller than its original size before being encrypted and passed to the client browser.

This feature uses the standard 'Content-Encoding' feature supported by all modern web browsers, and requires no extra software or configuration of the client system. The feature is available to any web server or application which is specially modified to make use of it, but no current standard web servers support the system by default. With awayWEB system in place, all intranet systems immediately benefit.

Benefits of this dynamic compress feature include:

Faster browsing experience and download speeds for users
Removes performance loss due to SSL encryption often experienced by modem/dialup users
Reduces data transfer charges and link utilisation which speeds access for all users

8.3 Intranet HTTPS

The awayWEB system supports the use https (SSL) encryption within the intranet, for additional application security. The intranet servers do not have to be configured with SSL certificates signed by a public certificate authority. The awayWEB system accepts any internal CA certificate, or self-signed certificates may be used if preferred.

**Figure 6:** awayWEB Gateway - Internal Architecture
$\resizebox*{0.9\textwidth}{!}{\includegraphics{fig/aw-arch-detail-fig.eps}}$