How to set "Use Cookies" for IIS Web Site Session States instead of "Use URI" for Statistica Server?

How to set "Use Cookies" for IIS Web Site Session States instead of "Use URI" for Statistica Server?

book

Article ID: KB0074258

calendar_today

Updated On:

Products Versions
Spotfire Statistica 12.7 and higher

Description

For any IIS website installed with Statistica Server, like Web Data Entry, use of the URI, which contains a session string, can be copied from one user to another.  The user whom obtains the new URL that contains the same session screen can impersonate the first user.  This is a security risk.  How can this be resolved?
 

Issue/Introduction

This article discusses the "Use Cookies" for IIS Web Site Session States instead of "Use URI" for Statistica Server (Web Data Entry, specifically).

Environment

Windows operating systems only.

Resolution

1.  Open IIS Manager, go to Sites | Default Web Site | DataEntry, double-click Sessions:

Session State in IIS

2.  Select "Use Cookies" under Mode in Cookie Settings section:

Use Cookies for Mode in IIS Sessions State

3.  Click "Apply" to the right.  

 

 

 

 

Powered by Wolken Software