want to Change JsessionID after login
We have a security finding where we need to Invalidate all existing session tokens on any change of authentication state. Is there any way we can achieve this?
We Identified that session cookies are not being updated when the user transitions between different levels of authentication.
We are using Tomcat server 7.0.64
Posted: 2 years ago
Hi MuniKatta,
You should consult your tomcat documentation and/or tomcat admins on this question. PRPC does that automatically for the Pega session id as per the UsePreautheticationCookie setting found here: https://community.pega.com/knowledgebase/articles/security-settings-prc…