Forum Stats

  • 3,759,064 Users
  • 2,251,495 Discussions
  • 7,870,478 Comments

Discussions

How to change the session ID when Form application accessed from web Browser

Anantha Amirtharaj
Anantha Amirtharaj Member Posts: 105 Red Ribbon
edited Aug 9, 2021 6:50AM in Forms

We are using Oracle 12c forms and reports for my web based application. Our web security team find out that, when user access the URL from IE, following steps happen.

  1. User keying URL at IE browser https://xxxxxxxx.net:7777/forms/frmservlet?config=yyyy
  2. It generate new session ID
  3. Customized user login screen displayed.
  4. User entered login credentials and submit
  5. Even after entered credentials , it used the same session ID . Please find the attached screen shot for your reference.

Our security team requested to change the session ID after user login or hide the session ID from hacker to track.


Answers