How not to cache SessionIDs

Question

My client's WebX is caching all their session logons for SAP. From a security point of view this is not good. How do I tell WebX not to cache it at all? From HttpWatch I was able to find this, as the possible culprint: 
&nbsp;  
&nbsp; http://fusion.company.local:8080/irj/portal/?MYSAP=701929596&amp;PORTALSESSIONID=08AfilJdAs 
&nbsp;  
&nbsp; It seems to cache that, and then doesnt ask for the username and password again after that. 
&nbsp;

dawn_parzych_20 · Answer

Based on the information provided I'm not sure if the problem is that content is being cached on the browser or on the WebAccelerator.  I think the problem is the former.  Edit the policy and for the Pages node: 
&nbsp;  
&nbsp; Select Acceleration Rules from the drown down box 
&nbsp; Select Lifetime 
&nbsp; Under Client Cache Settings 
&nbsp; Select Insert No-Cache Directive into header 
&nbsp; Save 
&nbsp; Publish 
&nbsp;  
&nbsp; This may require that the WebAccelerators cache be cleared not just invalidated.  Clearing the cache can only be done from the command line by issuing wa_clear_cache command.  This will restart the accelerator process as the process restarts no traffic for a WebAccelerator enabled virtual will be processed so please make sure there is no production traffic running through the WebAccelerator when this command is issued.

Forum Discussion

How not to cache SessionIDs

1 Reply

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

DNS Caching

What is Web Cache Exploitation?

3. SYN Cookie: SYN Cache

Distributed caching of authentication requests with NGINX Ingress Controller

Caching FAQs

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS