Enabling URL page security

You can make URLs for WorldServer pages check that valid users are accessing new pages from secure locations. To enable URL security, you need to change a setting in the general.properties file.

Procedure

  1. Go to the WEB-INF/classes/config folder of the installed web application to find the general.properties file.
  2. Open the file with a text editor.
  3. Change the value of the use_secure_urls property to true.
  4. Save and close the general.properties file.
  5. Stop WorldServer and start it again.

What to do next

Enable the session_client_check property. When you set it to on, the session_client_check property ensures that a session can only be used by the same browser that created it. If a user copies the same URL and pastes it into another browser, the session is considered invalid and the user has to log in again. This applies to ws-legacy and WorldServer TransPort. As a security measure, in WorldServer 11.x, users always have to log in again if they copy the same valid URL into another browser. To enable the session_client_check property, your browser must accept cookies.

Make this change when WorldServer is not in active use. Users who are logged in when you enable this setting will receive an Access Denied message when they select links. They will need to close their browser session and log in again.