In Blueriq 15 and higher, the default value is true. In older versions, the default value is false.

When to enable

We advise enabling session fixation protection, because it eliminates an attack vector. Therefore, we changed the default to true for Blueriq 15.
Session fixation protection may, for example, break test cases that depend on a fixed session ID.

During our Runtime cluster tests, we noticed a problem in one of our failover test cases. Therefore, if you're using Redis for distributed session management, we do not recommend enabling session fixation protection.

Introduced in

The session fixation protection property is available from Blueriq 14.11 onwards. We backported the property to 13.13.18 and 12.13.39.