Configure session hijacking protection
Web management interface protects itself from session hijacking attacks binding web session to ip addresses and browser configurations. When it detects differences on these parameters it automatically destroys the session and records the error in the audit log. This feature is enabled by default and it can be disabled using this configuration:
Disable session hijacking protection
| Products | CMC, Guardian |
| Syntax | conf.user configure ui session protection [true|false] |
| Description | Enable (option true, default behavior) or disable (option false) session hijacking protection. |
| Where | CLI |
| To apply | It is applied automatically |
When closing sessions the web management interface will record in the audit log this error text
Session hijacking detected, closing session