PEGA-SESSION-COOKIE

WyattH52 · July 26, 2024, 2:58pm

Good Day,

We recently ran a security scan and got an alert on the PEGA-SESSION-COOKIE. “The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.This issue was found in multiple locations under the reported path.”

Is this cookie being used for maintaining user sessions on the Pega platform?

Thanks

Anupam_Dubey · July 28, 2024, 12:38pm

Hello @WyattH52,

I am hoping that your environment is on Pega Cloud, as this is a cookie that we use for Pega Cloud environments for session stickiness. This cookie does not contain any sensitive information and is only used for routing the requests to the correct node and does not pose any risk.

We do not use this cookie to maintain the authenticated user sessions.

Conversation		Replies	Views
Pega sending Cookies in header for stateless service response General pega-platform , lead-system-architect , pega-cloud , financial-services , pega-infinity	2	107	September 3, 2024
What is the pega-perf cookie for , i.e. what is its purpose? General senior-system-architect , performance , 8-7	1	296	November 8, 2022
Get session information from service REST Request General pega-platform , data-integration , java-and-activities , dev-designer-studio	1	345	October 26, 2022
Pega web embed and use of third party cookies User Experience user-experience , lead-system-architect , 8-8-3	2	659	September 19, 2023
How does it manage sessions in Pega? General pega-platform , agent-desktop	1	327	March 6, 2024

PEGA-SESSION-COOKIE

Related topics