How to prevent session fixation?
Pega allows the same user to login in multiple session ? By opening a new browser session the same user can login again in a new session. How can this be prevented?
***2/28/17, Updated by Maryrita, Moderator: Moved to ProductSupport from Applications***
Pegasystems Inc.
IN
Hi Anand,
Thank you for posting your query here!
Are you looking for a timeout feature? If so, please take a look into the replies on this post to know more! Where can we configure Requestor timeout and Lock Timeout? Which data instance need to be set for this setting?
I also found this document during a search on PDN, please refer page 95: Authentication in Process Commander
Please let us know if this information is relevant or helpful.
Pegasystems Inc.
IN
hi anand,
Go to Records Explorer-->SysAdmin-->System and then we have option of locking kindly change the number of seconds according to the requirement.
EY
LU
Yes. The requester timeout for our app is 30 mins.
Our client has raised the issue of same user being able to login to Pega from multiple sessions. They have raised this as a security vulnerability and expects that when user logs in to a new session his previous session gets invalidated immediately. Is this possible to achieve.