Page History
...
The default value is false
.
When to enable
We advise to enable the session fixation protection, because it eliminates an attack vector. Therefore, we changed the default to true
for Blueriq 15.
Session fixation protection may for example break test cases that depend on a fixed session ID.
During our Runtime cluster tests, we noticed a problem in one of our failover test cases. Therefore, if you're using Redis for distributed session management, we do not recommend to enable session fixation protection.
Introduced in
The session fixation protection property is available in Blueriq 13 from Blueriq 13.13.18.
Overview
Content Tools