Enabling URL page security

About this task

You can make URLs for WorldServer pages check that valid users are accessing new pages from secure locations. To enable URL security, you must modify a setting in the general.properties file.

Procedure

  1. Go to the WEB-INF/classes/config folder of the installed Web application to find the general.properties file.
  2. Open the file in a text editor.
  3. Change the use_secure_urls setting to true.
  4. Save the file.
  5. Restart WorldServer. (All properties changes take effect after a restart.)

What to do next

You should enable the session_client_check property. When you set it to on, the session_client_check property ensures that a session can only be used by the same browser that created it. If the same URL is used from another browser, the session is considered invalid and the user has to log in again. This applies to the legacy and TransPort components of WorldServer. As a security measure, in WorldServer 11.x, users always have to log in again if they copy the same valid URL into another browser. To enable the session_client_check property, your browser must accept cookies.

You should make this change when WorldServer is not in active use. Users who are logged in when you enable this setting will receive an Access Denied message when they click on links. They will need to close their browser session and log in again.