...
Separate authorization tokens are used for each communication step between the JOC Cockpit, the JobScheduler Web Service and the JobScheduler Masters and Agents. This means that if an attacker is able to take over and use a token they will only be able to bypass a part of the communication chain.
Authorization Token for the JOC Cockpit
The JOC Cockpit generates an authorization token each time a user logs on and saves this token either in the browser's local storage, if Remember Me is set on logging in, or in the browser's session storage, if Remember Me is not set. Note that there are situations where users can leave a valid authorization token on their file system although they are no longer working with the JOC Cockpit:
...