EngincanY Member since 2018 67 posts
Tekfen Holding
Posted: 1 year ago
Last activity: 1 year 5 months ago
Closed

Session ID is not dependent on user's IP address

Hi all,

We noticed that our Pega Platform application uses only the session ID to authenticate the user. For instance, I logged into our application and then changed my public IP address. When I refreshed the page, the application did not ask me to log in again. It is a vulnerability for us. Which action should I take to fix this? Can any of the options in the following link help?

https://community.pega.com/knowledgebase/articles/security-settings-prconfigxml-file

Thanks.

Pega Platform Security
Moderation Team has archived post