Secure Session Wizard
Purpose
You can start this application-specific wizard on the Wizards tab when you’ve selected an application in the navigation area.
Sessions form a fundamental part of virtually all web applications. Sessions are usually implemented using a session cookie.
vWAF assists in implementing sessions so that a potential attacker can’t operate any session hijacking. To do this, vWAF establishes a separate, secure HTTP session to the user’s browser and generates a separate, cryptographically secure session cookie (you can configure the name of this cookie in Global Configuration).
In addition, vWAF also saves all other cookies of the web application and re- inserts them for the next request. The cookies generated by the web application are therefore no longer transmitted to the browser and can no longer be manipulated by an attacker.
For more information regarding Wizards, see Using Wizards to Configure Applications.
Attributes
| Attribute | Meaning |
|---|---|
|
Enable |
Activate the check box in order let the wizard automatically configure the required handlers. |
Handlers configured by the Secure Session Wizard
The Secure Session Wizard configures the following handlers: