Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Engincan Yildiz (EngincanY)
EIB
Software Engineer
EIB
PL
EngincanY Member since 2018 85 posts
EIB
Posted: Apr 28, 2019
Last activity: May 23, 2019
Posted: 28 Apr 2019 11:17 EDT
Last activity: 23 May 2019 2:28 EDT
Closed

Session ID is not dependent to user's IP address

Hi all,

We noticed that on our pega platfrom application uses session id only to authenticate the user. For instance, I had logged into our application then I changed my public ip address. When I have refreshed the page, application did not ask me to login again. It is a vulnerability for us. Which action should I take to fix this. Can any of the options in the following link help ?

https://community.pega.com/knowledgebase/articles/security-settings-prconfigxml-file

Thanks.

To see attachments, please log in.
Pega Platform
Security

Posted: 5 years ago
Posted: 23 May 2019 2:28 EDT
Anuj Kumar Srivastava (Anuj Srivastava)
PEGA
Senior Solutions Consultant
Pegasystems Inc.
IN

Hi, 

Try configuring CSRF and CORS rule to stop browser accessing cross origin websites. 

https://community.pega.com/sites/default/files/help_v73/data-/data-admin-/data-admin-security-/data-admin-security-corspolicy/main.htm

https://community.pega.com/knowledgebase/articles/configuring-csrf-protection

Thank you

Anuj

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice