ChangeSession

Change the current session by executing the specified action.

$webinfo("SESSIONCOMMANDS"), "ChangeSession", "NEW" | "CLOSE" | "RENEW"

Parameters

  • NEW—invalidate the current session, and create a new session.

  • CLOSE—invalidate the current session.

  • RENEW—backup the attributes of the current session, then invalidate it, create a new session, and restore the session attributes to new session. (These are default actions, so you don't need to do anything unless you maintain state yourself. )

Description

The ChangeSession command instructs the WRD to invalidate the current session. The way in which the session is invalidated depends on the provided parameter. Invalidating the session is a defence strategy against a number of web security attacks.

If the parameter specying the action is omitted, the ChangeSession command is ignored.

Changing the Session ID

; Create a new session
putitem/id $webinfo("SESSIONCOMMANDS"), "ChangeSession", "NEW"

; Close the current session
putitem/id $webinfo("SESSIONCOMMANDS"), "ChangeSession", "CLOSE"

; Renew the current session
putitem/id $webinfo("SESSIONCOMMANDS"), "ChangeSession", "RENEW"

For a complete code example, see Session Fixation.

Related Topics