Rotate HTTP session identifiers

  • Release version: Australia
  • Updated March 12, 2026

    Use the glide.ui.rotate_sessions property to enable rotation of the HTTP session identifiers to reduce security vulnerabilities.

    If the glide.ui.rotate_sessions system property is not set to the recommended value of true, then identifying information on a session is kept and not rotated between applications.

    Ensure that the property glide.ui.rotate_sessions is set to true.

    More information

    Attribute                       Description
    Configuration name              glide.ui.rotate_sessions
    Configuration type              System Properties (/sys_properties_list.do)
    Data type                       Boolean
    Recommended value               true
    Default value                   <none>
    Fallback value                  true
    Category                        Session management
    Security risk                   • Severity score: 8.8
                                    • CVSS rating: High
                                    • Security risk details: Without rotation, the risk of session hijacking increases, as attackers could reuse session identifiers to gain unauthorized access.
    Functional impact               This remediation modifies the SessionID when a user navigates from an unauthenticated page to authenticated pages.
                                    • If you use a proxy or hardcode the SessionID when a user first logs in, or for any other purpose, functionality might be affected.
                                    • If you are using the SAML 2.0 plugin for Single Sign-on authentication, it might interfere with the session information sharing between the instance and the Identity Provider. In that case, you can set this property to false.
    Dependencies and prerequisites  None
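
    One way to confirm the behavior described under Functional impact is to compare the session identifier issued on an unauthenticated page with the one in use after login. The following Python check is an added example, not vendor code; it assumes the identifier travels in a cookie named JSESSIONID, and its header values and function names are constructed for illustration.

```python
from http.cookies import SimpleCookie

SESSION_COOKIE = "JSESSIONID"  # assumption: name of the session cookie

# Constructed Set-Cookie header values (not captured from a real instance).
PRE_LOGIN = ["JSESSIONID=A1B2C3D4E5F60718; Path=/; HttpOnly; Secure"]
POST_LOGIN_ROTATED = [
    "route=node1; Path=/; Secure",
    "JSESSIONID=0F9E8D7C6B5A4938; Path=/; HttpOnly; Secure",
]
POST_LOGIN_PINNED = ["JSESSIONID=A1B2C3D4E5F60718; Path=/; HttpOnly; Secure"]


def session_ids(set_cookie_headers, name=SESSION_COOKIE):
    """Return each value set for the session cookie, in header order."""
    ids = []
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        if name in jar:
            ids.append(jar[name].value)
    return ids


def mask(value):
    """Keep identifiers out of reports: show only the first four characters."""
    return value[:4] + "..."


def check_rotation(pre_login, post_login, name=SESSION_COOKIE):
    """Return (verdict, detail) for one login captured as two header lists."""
    before = session_ids(pre_login, name)
    after = session_ids(post_login, name)
    if not before:
        return "inconclusive", "no session cookie was issued before login"
    if not after:
        # No new cookie after authentication: the client keeps the old one.
        return "not_rotated", f"{mask(before[-1])} still in use after login"
    if after[-1] == before[-1]:
        return "not_rotated", f"{mask(before[-1])} re-issued after login"
    return "rotated", f"{mask(before[-1])} replaced by {mask(after[-1])}"


if __name__ == "__main__":
    for label, post in [("rotated", POST_LOGIN_ROTATED), ("pinned", POST_LOGIN_PINNED)]:
        print(label, check_rotation(PRE_LOGIN, post))
```

    A not_rotated verdict with the property set to true points at the cases listed under Functional impact, such as a proxy that hardcodes the SessionID.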