Symptom
A third-party security scanning application is used to check an EP system, and it reports the issue "Session Identifier Not Updated" as a risk. The report text may look like the following:
---------------------
Security Risks : Session Identifier Not Updated
Risk(s): It may be possible to steal or manipulate customer session and cookies, which might be used to impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform transactions as that user.
Fix: Change session identifier values after login
---------------------
Environment
NetWeaver AS Java all releases
Product
Keywords
Session Identifier, security risk, security vulnerability, JSESSIONID, JSESSIONMARKID, SessionIdRegenerationEnabled, KBA, BC-JAS-WEB, Web Container, HTTP, JavaMail, Servlets, Problem
About this page
This is a preview of a SAP Knowledge Base Article; the full version is on SAP for Me (login required).