Posted: June 7, 2018
Last activity: June 11, 2018
Closed
Want to change JSESSIONID after login
We have a security finding where we need to invalidate all existing session tokens on any change of authentication state. Is there any way we can achieve this?
We identified that session cookies are not being updated when the user transitions between different levels of authentication.
We are using Tomcat server 7.0.64.
Hi MuniKatta,
You should consult your Tomcat documentation and/or Tomcat admins on this question. PRPC does that automatically for the Pega session ID as per the UsePreautheticationCookie setting found here: https://community.pega.com/knowledgebase/articles/security-settings-prconfigxml-file
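
For the finding described in the question, one way to rotate JSESSIONID in application-managed login code on Tomcat 7 (Servlet 3.0) is sketched below. This is an added example, not part of the original thread and not Pega or Tomcat code; the class and method names are hypothetical, and it assumes the Servlet 3.0 API is on the classpath.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Hypothetical helper: replaces the session (and its ID) on an authentication state change. */
public final class SessionRotation {

    private SessionRotation() {}

    /**
     * Call right after credentials are verified, and again on logout or privilege change,
     * before the response is committed so the new cookie can still be sent.
     * Servlet 3.0 has no HttpServletRequest.changeSessionId() (added in Servlet 3.1),
     * so the old session is invalidated and a new one is created.
     */
    public static HttpSession rotate(HttpServletRequest request) {
        Map<String, Object> carried = new HashMap<String, Object>();
        HttpSession old = request.getSession(false);
        if (old != null) {
            // Copy state that must survive the transition (e.g. locale, pre-login cart).
            for (String name : Collections.list(old.getAttributeNames())) {
                carried.put(name, old.getAttribute(name));
            }
            // From here on the pre-login JSESSIONID is no longer accepted by the server.
            old.invalidate();
        }
        // Creating the new session makes Tomcat send a fresh JSESSIONID via Set-Cookie.
        HttpSession fresh = request.getSession(true);
        for (Map.Entry<String, Object> entry : carried.entrySet()) {
            fresh.setAttribute(entry.getKey(), entry.getValue());
        }
        return fresh;
    }
}
```

For container-managed authentication (FORM, BASIC and so on), Tomcat's authenticator valves expose a `changeSessionIdOnAuthentication` attribute that performs this rotation without application code. To confirm the fix, compare the JSESSIONID cookie value before and after login; it must differ.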