[Logo] Enterprise Client Community
  [Search] Search   [Recent Topics] Recent Topics   [Members]  Member Listing   [Groups] Back to home page 
[Register] Register /  [Login] Login 
http-500-response "no valid security id"  XML
Forum Index -> Development
Author Message
[Post New]24/05/2022 09:03:48
    Subject: http-500-response "no valid security id"
[Up]
CaptainCasa

Power User
[Avatar]

Joined: 21/11/2007 12:23:06
Messages: 5518
Offline
(from mail conversation)

Hi,

with update 20220411 we introduced an improved security management, in which a security-id-cookie is always sent from the client side to ensure that no "man in the line" can hijack into sessions.

There are some situations in which problems are caused by this (e.g. when running cc-pages inside an IFRAME). In this case you can switch off this security-id-management by using the system.xml configuration file:

Code:
 <system>
 ...
     <filterconfiguration 
        active="false"
        classname="org.eclnt.jsfserver.util.SecurityFilterGeneral"/> 
 ...
 </system>


If using this then still session hi-jacking is prohibited but it is then not based on Cookie-management but on internal sending of corresponding ids.

Please contact us in this case! We are of course interested in collecting information about scenarios in which the "general management" has problems.

Kind regards! Björn
Björn Müller, CaptainCasa GmbH
 
Forum Index -> Development
Go to:   
Powered by JForum 2.1.6 © JForum Team