Try OpenEdge Now
skip to main content
Server Administrator's Guide
Business Process Server web security : XSRF handler implementation : XSRF configuration : User agent check
 
User agent check
If enable-user-agent-check is set to true, then Business Process Portal stores the Http User Agent information in the user's session. As long as the user session is valid, it expects that all the requests from that user should come from the same User Agent. It checks against each request to see if the User Agent is matching, if not it treats the request as invalid and redirects the user to the url configured for redirect-url-on-attack.
<enable-user-agent-check>false</enable-user-agent-check>
The default value is false.