Security Implementation Guide

Security Overview
Security Infrastructure
Trust and Salesforce
User Security Overview
About Passwords
User Authentication
Connected Apps
Custom Permissions Overview
My Domain
Identity Providers
Network-Based Security
Session Security
Securing Data Access
Platform Encryption
Auditing
Securing and Sharing Data
Configuring Salesforce Security Features
Enabling Single Sign-On
Monitoring Your Organization's Security
Security Tips for Apex and Visualforce Development
PDF

Newer Version Available

This content describes an older version of this product. View Latest

User Security Overview

Salesforce provides each user in your organization with a unique username and password that must be entered each time a user logs in. Salesforce issues a session cookie only to record encrypted authentication information for the duration of a specific session. The session cookie does not include either the username or password of the user. Salesforce does not use cookies to store other confidential user and session information, but instead implements more advanced security methods based on dynamic data and encoded session IDs.