Submitted by Anonymous (not verified) on Tue, 10/20/2015 - 18:13

Niels Liisberg

Tue, 10/20/2015 - 18:27

Yes - the session ID can be encrypted. Simply add the encrypt=true and set an encryption key of you choice in the webConfic.xml in the session tag:

Encryption screenshot

The session cookie will now look like this:

Response Header

Note: While the server is in development mode you can se the original session ID in the x-session header (as above). All default x- header is not displayed in production environments.

Best regards,

Niels Liisberg