Skip to main content

Cornell University

How CUWebLogin Works

Authenticate to access restricted Cornell web pages

This article applies to: CUWebLogin

Most CIT-affiliated websites that require authentication support the use of CUWebLogin. Websites maintained by other departments frequently do, but it is possible that you may have to authenticate in another way. If you have questions about how to sign in to a website that is not maintained by CIT, check with the department that runs it.

After logging in, you will be able to access multiple sites that support CUWebLogin without needing to type in your ID and password at each site. Remember that you have authentication credentials which someone else could use if you walk away from your computer. 

When you're done using websites that require Cornell authentication, clear your credentials by closing ALL your browser windows and exiting your browser.

How CUWebLogin Works

Understanding the sequence of events that occurs when you use CUWebLogin will help you to use it successfully. Here is what happens:

  1. Using your web browser, you request a restricted web page on a web server that is running CIT's CUWebAuth software. (See below for more information about CUWebAuth.)
  2. The web server redirects your browser to the CUWebLogin server to have you authenticate.
  3. You enter your NetID, GuestID, or WCMC CWID and password into the form on the CUWebLogin page, which is encrypted using SSL.
  4. If your password is correct, two things happen. CUWebLogin sends your credentials to the web site you are accessing (it does this through the redirect URL) and it stores a small data file, commonly referred to as a cookie, on your computer. The cookie indicates to other sites you go to later that you have authenticated so you don't have re-log in. This is convenient, but it also means that it is important to clear the cookie by exiting or quitting the browser when you are done. Otherwise, someone else could use your credentials to access restricted sites.
  5. The CUWebLogin server redirects you to the original page that you requested.
  6. The web server confirms that you have authenticated successfully and gives you the restricted web page.
  7. How long your session lasts depends on how the site is set up and is usually related to how sensitive the information on the site is. Resources or services that permit access to sensitive information will prompt more frequently. As noted in 4, above, most sites will accept credentials established at a login for a previous site, in which case, you would not have to re-type your ID and password to get access.

Support Contact:

Cornell IT Service Desk

Normal Business Hours: Monday-Friday, 8am-6pm (Eastern Time)
Emergency Service Disruptions: After Hours Support


To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.