Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Munisekhar Katta (MunisekharK17224664)
First Citizens Bank

First Citizens Bank
US
MunisekharK17224664 Member since 2024 14 posts
First Citizens Bank
Posted: Jun 7, 2018
Last activity: Jun 11, 2018
Posted: 7 Jun 2018 20:02 EDT
Last activity: 11 Jun 2018 17:22 EDT
Closed

want to Change JsessionID after login

We have a security finding where we need to Invalidate all existing session tokens on any change of authentication state. Is there any way we can achieve this?

We Identified that session cookies are not being updated when the user transitions between different levels of authentication.

We are using Tomcat server 7.0.64

To see attachments, please log in.
Low-Code App Development
DevOps
Testing Applications
System Administration
Installation and Deployment

Posted: 6 years ago
Posted: 11 Jun 2018 17:22 EDT
Brad Tainter (Br@dTainter_GCS)
PEGA
Fellow, Technical Support, Platform Service
Pegasystems Inc.
US

Hi MuniKatta,

You should consult your tomcat documentation and/or tomcat admins on this question. PRPC does that automatically for the Pega session id as per the UsePreautheticationCookie setting found here:  https://community.pega.com/knowledgebase/articles/security-settings-prconfigxml-file

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice