Enable UserCookie version 3.1 [Updated in Security Center 2.0]
Manage the version of UserCookie that is enabled on your instance to secure the storage of the secret key in the source code.
UserCookie v3 is generated only when property glide.ui.secure.cookies.use_kmf is disabled. UserCookie v3 is not secure due to storing secret key for HMAC in source code and identical for all customers. That can support malicious actors to use this one secret key for attempts to hijacking user sessions. By setting the property glide.ui.secure.cookies.use_kmf to true UserCookie v3.1 will be used and secret key will be stored in security storage such as KMF.
More information
| Attribute | Description |
|---|---|
| Configuration name | glide.ui.secure.cookies.use_kmf |
| Configuration type | System Properties (/sys_properties_list.do) |
| Data type | boolean |
| Recommended value | true |
| Default value | false |
| Category | Session management |
| Security risk |
|
| Dependencies and prerequisites | None |