Thanks Aditya, session-config is used to disable jsessionId in url.

Thanks & Regards
--
Deepak Dixit
www.hotwaxsystems.com
www.hotwax.co

On Mon, Mar 12, 2018 at 2:52 PM, Aditya Sharma <aditya.sha...@hotwaxsystems.com> wrote:

> Hi Sonali Agrahari,
>
> You can set security.login.externalLoginKey.enabled to false in the
> security.properties file for it.
>
> Or
>
> You can also prepare & load data for SystemProperty entity.
> <SystemProperty systemResourceId="security"
> systemPropertyId="security.login.externalLoginKey.enabled"
> systemPropertyValue="false"/>
>
> HTH
>
> Thanks and Regards,
>
> *Aditya Sharma* | Enterprise Software Engineer
> HotWax Commerce <http://www.hotwax.co/> by HotWax Systems
> <http://www.hotwaxsystems.com/>
>
> <https://www.linkedin.com/in/aditya-sharma-78291810a/>
>
> On Mon, Mar 12, 2018 at 2:36 PM, Deepak Dixit <deepak.di...@hotwaxsystems.com> wrote:
>
> > Hi Sonali Agrahari
> >
> > Your email has been moderated. Please subscribe to the mailing list:
> > http://ofbiz.apache.org/mailing-lists.html
> >
> > Could you please share which ofbiz version you are using?
> > You can configure it using session-config config in web.xml.
> >
> > Thanks & Regards
> > --
> > Deepak Dixit
> > www.hotwaxsystems.com
> > www.hotwax.co
> >
> > ---------- Forwarded message ----------
> > From: Sonali Agrahari <sonaliagraha...@gmail.com>
> > To: user@ofbiz.apache.org
> > Cc:
> > Bcc:
> > Date: Mon, 12 Mar 2018 01:50:52 -0700 (MST)
> > Subject: Security threats in OFbiz
> >
> > Hello all,
> >
> > How can we resolve the "Privilege Escalation using an Under-Privileged
> > User" security issue, i.e.
> > after logging in to the application, the URL with its external login key of
> > that web page is copied to another browser, then that web page will be
> > opened without login and we can access the whole application.
> >
> > How can it be resolved?
> >
> > Kindly help.
> >
> > Thank you
> >
> > Regards,
> >
> > Sonali Agrahari
> >
> > --
> > Sent from: http://ofbiz.135035.n4.nabble.com/OFBiz-User-f135036.html
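
An added example, not part of the thread or of OFBiz itself: a small Python check of the two settings mentioned in the replies, the `<tracking-mode>` under `session-config` in web.xml and `security.login.externalLoginKey.enabled` in security.properties. The sample inputs and function names are constructed for illustration, and the check reads only the two files, not SystemProperty entity data.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from a real OFBiz deployment).
HARDENED_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <session-config>
    <tracking-mode>COOKIE</tracking-mode>
  </session-config>
</web-app>"""
UNSET_WEB_XML = "<web-app><display-name>sample</display-name></web-app>"
EXPOSED_PROPS = "# constructed sample\nsecurity.login.externalLoginKey.enabled=true\n"

KEY = "security.login.externalLoginKey.enabled"

def local(tag):
    """Drop the XML namespace prefix from an element tag."""
    return tag.rsplit("}", 1)[-1]

def tracking_modes(web_xml):
    """Return the <tracking-mode> values declared under <session-config>."""
    modes = set()
    for el in ET.fromstring(web_xml).iter():
        if local(el.tag) == "session-config":
            modes |= {(c.text or "").strip().upper()
                      for c in el if local(c.tag) == "tracking-mode"}
    return modes

def parse_properties(text):
    """Minimal .properties reader: key=value lines, '#' and '!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(web_xml, security_properties):
    """List findings for the two settings discussed in the thread."""
    findings = []
    modes = tracking_modes(web_xml)
    if not modes:
        findings.append("web.xml: no tracking-mode set; container default applies")
    elif "URL" in modes:
        findings.append("web.xml: URL tracking mode allows jsessionid in URLs")
    value = parse_properties(security_properties).get(KEY)
    if value is None or value.lower() != "false":
        findings.append(f"security.properties: {KEY} is not set to false")
    return findings

if __name__ == "__main__":
    for finding in audit(UNSET_WEB_XML, EXPOSED_PROPS):
        print(finding)
```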