Enabling server-side session management

By default, AEN uses client-side session management, which is vulnerable to session replay attacks if an attacker manages to steal a user's valid session ID.

To enable server-side session management:

  1. Edit the /opt/wakari/wakari-server/etc/wakari/wk-server-config.json file and set:

    "USE_SERVER_BASED_SESSIONS": true,
    
  2. Restart the AEN server service:

    sudo service wakari-server restart
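As an added example (not AEN's own tooling), the helper below applies the setting from step 1 by parsing the whole JSON file rather than pasting a loose line, and its check accepts only the JSON boolean true, so a common mistake such as the string "true" or a missing key is caught before the restart in step 2. It assumes wk-server-config.json is a single JSON object; the sample configs are constructed for illustration.

```python
import json
import shutil
from pathlib import Path
from typing import Tuple

# Config path taken from the page; the setting name is the key shown in step 1.
CONFIG_PATH = Path("/opt/wakari/wakari-server/etc/wakari/wk-server-config.json")
SETTING = "USE_SERVER_BASED_SESSIONS"


def server_sessions_enabled(config_text: str) -> bool:
    """True only if the key holds the JSON boolean true (a string "true" does not count)."""
    config = json.loads(config_text)
    return config.get(SETTING) is True


def enable_server_sessions(config_text: str) -> Tuple[str, bool]:
    """Return (updated_text, changed). Parsing the object means the key is added
    or corrected wherever it sits, and the output stays valid JSON."""
    config = json.loads(config_text)
    if config.get(SETTING) is True:
        return config_text, False
    config[SETTING] = True
    return json.dumps(config, indent=4) + "\n", True


def apply_to_file(path: Path = CONFIG_PATH) -> bool:
    """Back up the config, rewrite it only if needed, and report whether it changed.
    Restarting wakari-server afterwards is still a separate step."""
    original = path.read_text()
    updated, changed = enable_server_sessions(original)
    if changed:
        shutil.copy2(path, path.with_suffix(".json.bak"))
        path.write_text(updated)
    return changed


# Constructed sample configs (not real AEN files) covering the three cases.
SAMPLE_MISSING = '{"HOST": "0.0.0.0", "PORT": 8080}\n'
SAMPLE_STRING = '{"HOST": "0.0.0.0", "USE_SERVER_BASED_SESSIONS": "true"}\n'
SAMPLE_OK = '{"HOST": "0.0.0.0", "USE_SERVER_BASED_SESSIONS": true}\n'

if __name__ == "__main__":
    for label, text in [("missing", SAMPLE_MISSING), ("string", SAMPLE_STRING), ("ok", SAMPLE_OK)]:
        new_text, changed = enable_server_sessions(text)
        print(label, "changed" if changed else "unchanged", server_sessions_enabled(new_text))
```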