You can use the persistent authentication only for applications that do not require very high security. It is recommended to configure the CryptoKey as class level property for the contract. The CryptoKey must be long and random to keep the user information secure.
For information about how to configure the persistent authentication, see Persistent Authentication
in the NetIQ Access Manager 4.3 Administration Guide.