Secure Session Wizard

Purpose

You can start this application-specific wizard on the Wizards tab when you’ve selected an application in the navigation area.

Sessions form a fundamental part of virtually all web applications. Sessions are usually implemented using a session cookie.

vWAF assists in implementing sessions so that a potential attacker can’t hijack a session. To do this, vWAF establishes a separate, secure HTTP session to the user’s browser and generates a separate, cryptographically secure session cookie (you can configure the name of this cookie in Global Configuration).

In addition, vWAF also saves all other cookies of the web application and re-inserts them for the next request. The cookies generated by the web application are therefore no longer transmitted to the browser and can no longer be manipulated by an attacker.
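
The cookie handling described above can be modelled in a few lines. This is an added example, not vWAF code or configuration: the class CookieJarProxy, the cookie name WAFSESSION, the cookie attributes and the sample headers are all assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

WAF_COOKIE = "WAFSESSION"  # assumed name; the page says the real name is configurable


class CookieJarProxy:
    """Toy model: application cookies stay at the proxy, the browser gets one opaque ID."""

    def __init__(self):
        self._jars = {}  # session ID -> {application cookie name: value}

    def on_response(self, session_id, set_cookie_headers):
        """Absorb backend Set-Cookie headers; return (session ID, headers sent to browser)."""
        to_browser = []
        if session_id not in self._jars:
            session_id = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
            self._jars[session_id] = {}
            to_browser.append(
                f"{WAF_COOKIE}={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax")
        jar = self._jars[session_id]
        for header in set_cookie_headers:
            parsed = SimpleCookie()
            parsed.load(header)
            for name, morsel in parsed.items():
                if morsel["max-age"] == "0":
                    jar.pop(name, None)  # backend deleted the cookie
                else:
                    jar[name] = morsel.value
        return session_id, to_browser

    def on_request(self, cookie_header):
        """Return (session ID, Cookie header for the backend), built only from the jar."""
        parsed = SimpleCookie()
        parsed.load(cookie_header or "")
        session_id = parsed[WAF_COOKIE].value if WAF_COOKIE in parsed else None
        jar = self._jars.get(session_id)
        if jar is None:
            return None, ""  # unknown or forged ID: nothing is forwarded
        return session_id, "; ".join(f"{k}={v}" for k, v in jar.items())


if __name__ == "__main__":
    proxy = CookieJarProxy()
    # Constructed sample headers, not captured traffic.
    sid, out = proxy.on_response(None, ["JSESSIONID=abc123; Path=/; HttpOnly", "role=user"])
    print(out)
    # A tampered "role" cookie from the browser never reaches the backend.
    print(proxy.on_request(f"{WAF_COOKIE}={sid}; role=admin"))
```

Because the backend Cookie header is rebuilt from the server-side jar on every request, any application cookie value the browser sends is ignored rather than validated.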

For more information regarding Wizards, see Using Wizards to Configure Applications.

Attributes

Attribute | Meaning
Enable | Activate the check box in order to let the wizard automatically configure the required handlers.

Handlers configured by the Secure Session Wizard

The Secure Session Wizard configures the following handlers: