Question

1
Replies
457
Views
 Munisekhar Katta (MuniKatta)
computershare

computershare
US
MuniKatta Member since 2017 14 posts
computershare
Posted: June 7, 2018
Last activity: June 11, 2018
Posted: 7 Jun 2018 20:02 EDT
Last activity: 11 Jun 2018 17:22 EDT
Closed

want to Change JsessionID after login

We have a security finding where we need to Invalidate all existing session tokens on any change of authentication state. Is there any way we can achieve this?

We Identified that session cookies are not being updated when the user transitions between different levels of authentication.

We are using Tomcat server 7.0.64

Low-Code App Development DevOps Testing Applications System Administration Installation and Deployment
Moderation Team has archived post, This thread is closed to future replies. Content and links will no longer be updated. If you have the same/similar Question, please write a new Question.
Posted: 3 years ago
Posted: 11 Jun 2018 17:22 EDT
Brad Tainter (Br@dTainter_GCS)
PEGA
Client Solutions Fellow
Pegasystems Inc.
US

Hi MuniKatta,


You should consult your tomcat documentation and/or tomcat admins on this question. PRPC does that automatically for the Pega session id as per the UsePreautheticationCookie setting found here:  https://community.pega.com/knowledgebase/articles/security-settings-prconfigxml-file