How not to cache SessionIDs

Question

My client's WebX is caching all their session logons for SAP. From a security point of view this is not good. How do I tell WebX not to cache it at all? From HttpWatch I was able to find this, as the possible culprint: 
&nbsp;  
&nbsp; http://fusion.company.local:8080/irj/portal/?MYSAP=701929596&amp;PORTALSESSIONID=08AfilJdAs 
&nbsp;  
&nbsp; It seems to cache that, and then doesnt ask for the username and password again after that. 
&nbsp;

dawn_parzych_20 · Answer

Based on the information provided I'm not sure if the problem is that content is being cached on the browser or on the WebAccelerator.  I think the problem is the former.  Edit the policy and for the Pages node: 
&nbsp;  
&nbsp; Select Acceleration Rules from the drown down box 
&nbsp; Select Lifetime 
&nbsp; Under Client Cache Settings 
&nbsp; Select Insert No-Cache Directive into header 
&nbsp; Save 
&nbsp; Publish 
&nbsp;  
&nbsp; This may require that the WebAccelerators cache be cleared not just invalidated.  Clearing the cache can only be done from the command line by issuing wa_clear_cache command.  This will restart the accelerator process as the process restarts no traffic for a WebAccelerator enabled virtual will be processed so please make sure there is no production traffic running through the WebAccelerator when this command is issued.

Forum Discussion

How not to cache SessionIDs

Recent Discussions

XC Bot defense question

LTM Rule, iRule, or Brute Force Configuration to Limit URL Access

NetScaler to F5 Migration

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Related Content

What is Web Cache Exploitation?

Distributed caching of authentication requests with NGINX Ingress Controller

DNS Caching

3. SYN Cookie: SYN Cache

TLS Caching Explained on BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS