The default value is false.

When to enable

We advise enabling session fixation protection because it eliminates an attack vector. Therefore, we changed the default to true for Blueriq 15.
Session fixation protection may, for example, break test cases that depend on a fixed session ID.

During our Runtime cluster tests, we noticed a problem in one of our failover test cases. Therefore, if you are using Redis for distributed session management, we do not recommend enabling session fixation protection.

Introduced in

The session fixation protection property is available in Blueriq 13 as of Blueriq 13.13.18.