Server Administrator's Guide
Disable double session cookie
The XSRF filter uses a double session cookie approach to identify and validate the source of requests. This feature can be disabled in some cases, for example when no custom JSP is used.
To disable it, add the following tag to bmxsrfconfig.xml:
<disable-token-cookie>true</disable-token-cookie>
Note: If this tag is not specified or another value is provided, then this feature will remain active.
In some installations the bpm context name is changed; in that case it must also be configured for the filter by adding the following tag to the configuration:
<token-cookie-path>/new_bpm_context</token-cookie-path>
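The following audit check is an added example, not part of the guide or the product: it reads the contents of a bmxsrfconfig.xml file and reports whether the double session cookie check is still active under the rules above, including the case of a malformed closing tag. The `<xsrf-config>` root element, the `audit_xsrf_config` function and the sample files are constructed for illustration, and treating only the exact, whitespace-trimmed value `true` as disabling is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed samples. The <xsrf-config> root name is a placeholder assumption;
# only the two child tags come from the guide.
DISABLED = "<xsrf-config><disable-token-cookie>true</disable-token-cookie></xsrf-config>"
OTHER_VALUE = "<xsrf-config><disable-token-cookie>yes</disable-token-cookie></xsrf-config>"
RENAMED = "<xsrf-config><token-cookie-path>/new_bpm_context</token-cookie-path></xsrf-config>"
MALFORMED = "<xsrf-config><token-cookie-path>/new_bpm_context</ token-cookie-path></xsrf-config>"


def audit_xsrf_config(xml_text, expected_context=None):
    """Return (double_cookie_active, findings); active is None if unparseable."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # e.g. a closing tag typed as "</ token-cookie-path>"
        return None, [f"not well-formed XML, settings cannot be trusted: {exc}"]

    findings = []
    values = [(el.text or "").strip() for el in root.iter("disable-token-cookie")]
    # Assumption: the exact, trimmed value "true" is the only disabling value.
    disabled = "true" in values
    if disabled:
        findings.append("double session cookie check is DISABLED")
    for v in values:
        if v != "true":
            findings.append(f"disable-token-cookie={v!r} is not 'true'; feature stays active")
    if len(values) > 1:
        findings.append("disable-token-cookie appears more than once")

    # The cookie path only matters while the check is active.
    paths = [(el.text or "").strip() for el in root.iter("token-cookie-path")]
    if not disabled and expected_context is not None and paths != [expected_context]:
        findings.append(f"token-cookie-path {paths} does not match context {expected_context!r}")
    return (not disabled), findings


if __name__ == "__main__":
    for name, text in [("disabled", DISABLED), ("other value", OTHER_VALUE),
                       ("renamed", RENAMED), ("malformed", MALFORMED)]:
        print(name, audit_xsrf_config(text, expected_context="/new_bpm_context"))
```

Pass `expected_context` only for installations where the context name was changed, since the guide requires `token-cookie-path` only in that case.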