Try OpenEdge Now
skip to main content
Server Administrator's Guide
Business Process Server web security : XSRF handler implementation : XSRF configuration : Disable double session cookie
Disable double session cookie
XSRF filter uses double session cookie approach to identify and validate source of requests. This feature can be disabled in some cases, for example when no custom JSP is used.
The following tag has to be added in bmxsrfconfig.xml.
Note: If this tag is not specified or another value is provided, then this feature willl remain active.
In some cases bpm context name can be changed in installation, so it has to be also configured for the filter by adding the following tag in configuration:
<token-cookie-path>/new_bpm_context</ token-cookie-path>