https://answers.axonivy.com/tags/jsf/?type=rss&user=Bao%20Tranquestions tagged <span class="tag">jsf</span>enWed, 03 Jan 2018 04:25:25 -0500https://answers.axonivy.com/questions/3053/session-fixation-with-axon-ivy<p>Hi everyone, as far as I can find, every time user logs in with IVY Portal, the session is kept (not renewed). You can check this via <em>JSESSIONID</em>. Thus, it leads to <a href="https://www.owasp.org/index.php/Session_fixation">session fixation</a> attack.<br> May Axon.ivy provide a mechanism to prevent this kind of attack? I am using Axon.ivy 6.3.0.<br> Thank you.</p>Bao TranWed, 03 Jan 2018 04:25:25 -0500https://answers.axonivy.com/questions/3053/session-fixation-with-axon-ivyjsfsessionivy