Masking Session IDs in Integration Server Session and Server Logs
Integration Server allows authorised administrator users to secure Session IDs in the session and server logs. When you enable the option of securing Session IDs, Integration Server uses the asterisk (*) character to mask the Session ID strings in the logs. Therefore, no user accessing the log entries can view the actual Session IDs. This increases the security of Integration Server sessions by preventing malicious access to an active session of a genuine user.
Note: | The Session IDs are not masked when Integration Server writes the session log entries to the audit logs. For more information about setting up audit logging, see the webMethods Audit Logging Guide. |
The authorised administrator users can secure Session IDs by editing the maskSessionID.properties file in the Integration Server installation directory.
Important: |  Only those users who belong to the Administrators ACL and have write access to the maskSessionID.properties file can edit its contents. All the other administrator users will only have read access to the particular properties file. The authorized administrator user must manually edit the contents of the maskSessionID.properties file. |
To mask Session IDs
1. Navigate to the maskSessionID.properties file that resides in the Integration Server_directory \instances\instance_name\config\security\session\ directory.
2. Open maskSessionID.properties and set maskSessionID = true.
3. Save your changes and restart Integration Server.
Note: | You must restart Integration Server whenever you update the contents of the maskSessionID.properties file. |
