want to Change JsessionID after login

Question

Replies

396

Views

MuniKatta

Member since 2017

14 posts

computershare

Closed

want to Change JsessionID after login

We have a security finding where we need to Invalidate all existing session tokens on any change of authentication state. Is there any way we can achieve this?

We Identified that session cookies are not being updated when the user transitions between different levels of authentication.

We are using Tomcat server 7.0.64

Low-Code App Development

DevOps

Testing Applications

System Administration

Installation and Deployment

Br@dTainter_GCS

PEGA

replied to MuniKatta

Hi MuniKatta,

You should consult your tomcat documentation and/or tomcat admins on this question. PRPC does that automatically for the Pega session id as per the UsePreautheticationCookie setting found here: https://community.pega.com/knowledgebase/articles/security-settings-prconfigxml-file

Personalized tools to propel your success

Contact a moderator

Question

want to Change JsessionID after login

About Pegasystems

Related content:

Question

want to Change JsessionID after login

About Pegasystems

We'd prefer it if you saw us at our best.