You can increase the security of your environment by having SiteMinder create session cookies that are only used once. Single-use session cookies prevent anyone with access to the following items from copying a session cookie and then re-using it to gain unauthorized access to resources:
You can control whether SiteMinder uses single-use or multiple-use session cookies by setting the following parameter:
StoreSessioninServer
Specifies whether single-use session cookies are used. When the value of the StoreSessioninServer parameter is yes, a single-use session cookie is created and stored on the session server. Cookie providers and Web Agents access the cookie from the session server.
Cookie providers and Web Agents replace the session cookie in a URL with a GUID that corresponds to the single-use session cookie stored on the session server.
When the value of the StoreSessioninServer parameter is no, the session cookie is passed directly in the URL.
Default: No
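The following Python sketch is an added example, not SiteMinder code. It models the behavior described above when StoreSessioninServer is yes: the cookie stays on the session server and only a GUID travels in the URL. The class name, the URL, the 30-second lifetime, and the rule that the stored cookie is deleted on its first lookup are assumptions made for illustration.

```python
import threading
import time
import uuid


class SingleUseSessionStore:
    """Toy stand-in for the session server (hypothetical class, not a SiteMinder API)."""

    def __init__(self, ttl_seconds=30.0, clock=time.monotonic):
        self._ttl = ttl_seconds          # assumed lifetime of a parked cookie
        self._clock = clock
        self._entries = {}               # guid -> (session_cookie, expiry)
        self._lock = threading.Lock()
        self.rejected = []               # GUIDs refused: replayed, unknown or expired

    def park(self, session_cookie):
        """Keep the cookie server-side; return the GUID that goes in the URL instead."""
        guid = str(uuid.uuid4())         # random (version 4) GUID
        with self._lock:
            self._entries[guid] = (session_cookie, self._clock() + self._ttl)
        return guid

    def redeem(self, guid):
        """Return the cookie on first use only; None for any later or invalid use."""
        with self._lock:
            entry = self._entries.pop(guid, None)   # fetch and delete in one step
        if entry is None or self._clock() > entry[1]:
            self.rejected.append(guid)
            return None
        return entry[0]


def demo():
    store = SingleUseSessionStore()
    cookie = "constructed-session-cookie-value"     # constructed sample, not a real cookie
    guid = store.park(cookie)
    # Hypothetical URL and parameter name: only the GUID leaves the session server.
    url = "https://app.example.test/redirect?guid=" + guid
    first = store.redeem(guid)       # legitimate agent lookup
    second = store.redeem(guid)      # copied URL replayed later
    return {"url": url, "first": first, "second": second, "rejected": store.rejected}


if __name__ == "__main__":
    print(demo())
```

In this model, a GUID that appears in the rejected list is a second presentation of a value that should have been used once, which makes it a useful event to log and alert on.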
To enable single-use session cookies
Copyright © 2010 CA. All rights reserved.