How KnowBe4 Uses Signed Cookies to Protect Access to Uploaded Content
KnowBe4 uses signed cookies to protect access to training content, including Custom Content Manager (CCM) content and ModStore content. Signed cookies require a unique signature and limit content access to authorized users only, while regular cookies don’t provide the same protections.
When an admin or user wants to view a piece of content, such as a training module, KnowBe4 provides them with a cookie that grants them access to the content. When the user tries to view the content, KnowBe4 creates a custom “allow” policy for the content path, signs this policy with a private KnowBe4 key, and places it into a cookie.
The signed cookie is then stored in the user’s browser. KnowBe4’s Content Delivery Network (CDN) recognizes this signed cookie in the user’s browser and verifies the signature. Once the signature has been verified, the user can access the KnowBe4 content that they’d like to view.
Users are only granted access to content that they have permission to view. For example, users can only access training that they have been enrolled in. Users won’t be able to access training campaigns that they aren’t enrolled in or other content that they don’t have permission to view.
The signed cookie will expire after a certain amount of time. When the user wants to view the content again, a new cookie will be created and the user will regain access.
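The flow described above, as an added Go example that is not KnowBe4's code: an issuer signs a path-scoped policy with a private key, and a verifier holding only the public key checks the signature, the expiry and the requested path. The Ed25519 signature scheme, the cookie layout, the Policy field names and the /content/... paths are assumptions made for illustration; the page does not specify them.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"path"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding

// Policy is a hypothetical "allow" policy: one content path prefix and an expiry (Unix seconds).
type Policy struct {
	PathPrefix string `json:"path_prefix"`
	Expires    int64  `json:"expires"`
}

// IssueCookie runs on the application side, which holds the private key.
func IssueCookie(priv ed25519.PrivateKey, p Policy) string {
	body, _ := json.Marshal(p)
	return b64.EncodeToString(body) + "." + b64.EncodeToString(ed25519.Sign(priv, body))
}

// Authorize runs on the CDN side, which needs only the public key.
func Authorize(pub ed25519.PublicKey, cookie, reqPath string, now time.Time) error {
	rawBody, rawSig, _ := strings.Cut(cookie, ".")
	body, err1 := b64.DecodeString(rawBody)
	sig, err2 := b64.DecodeString(rawSig)
	// The signature is verified before any field of the policy is read.
	if err1 != nil || err2 != nil || !ed25519.Verify(pub, body, sig) {
		return fmt.Errorf("malformed cookie or bad signature")
	}
	var p Policy
	if json.Unmarshal(body, &p) != nil || now.Unix() >= p.Expires {
		return fmt.Errorf("policy unreadable or expired")
	}
	if !strings.HasPrefix(path.Clean(reqPath), p.PathPrefix) {
		return fmt.Errorf("path %q is not covered by the policy", reqPath)
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	c := IssueCookie(priv, Policy{"/content/course-a/", time.Now().Add(time.Hour).Unix()})
	fmt.Println(Authorize(pub, c, "/content/course-a/index.html", time.Now()))
}
```

The trailing slash on the path prefix and the path.Clean call keep a cookie for one course from matching a sibling path such as /content/course-a-2/ or a ../ traversal into another course.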