Hello Ken,
Thank you for your post. It has various techniques and information available in the HTTP protocol, like Session Cookies, Source IP Address, and User-Agent Header.
When we talk about Imperva WAF, it has one of the techniques known as Session Tracking Mechanisms; here the WAF will add a token to a session to keep track of it. Below is one such reference article:
https://docs.imperva.com/bundle/v14.6-web-application-firewall-user-guide/page/2600.htm
Session cookie:
https://docs.imperva.com/bundle/v14.6-web-application-firewall-user-guide/page/1975.htm
------------------------------
Syed Noor Fazal
Product Support Engineer
------------------------------
Original Message:
Sent: 07-06-2023 03:54
From: Ken Chau
Subject: What does "Originating Session" mean?
Hi Syed,
I sometimes get this Session Attribute Change alert from our on-premise WAF. The details are about User Agent Mismatch as below. It seems that the user just changes the browser from one to another. Just wondering how the WAF determines that these connections are in the same session. Thank you.
User Agent Mismatch :
Expected Value: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 10.0; WOW64; Trident/7.0),
Observed Value: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36
------------------------------
Ken Chau
IT Manager
Original Message:
Sent: 12-18-2022 00:53
From: Syed Noor Fazal
Subject: What does "Originating Session" mean?
Hello Jorge,
Thank you for the post. Originating session is nothing but, let's say, we have HTTP, which is stateless, so application designers had to develop a way to track the state between multiple connections from the same user, instead of requesting the user to authenticate upon each click in a Web application. A session is a series of interactions between two communication end points that occurs during the span of a single connection. When a user logs into an application, a session is created on the server in order to maintain the state for other requests originating from the same user. Applications use sessions to store parameters which are relevant to the user. The session is kept "alive" on the server as long as the user is logged on to the system. The session is destroyed when the user logs out from the system or after a predefined period of inactivity. When the session is destroyed, the user's data should also be deleted from the allocated memory space.
Usually we track it by session ID or session cookies.
------------------------------
Syed Noor Fazal
Product Support Engineer
Original Message:
Sent: 12-17-2022 16:04
From: Jorge Luis Santamaria Silupu
Subject: What does "Originating Session" mean?
Hi guys.
What does "Originating Session" mean?
Do you have any example? Or do you know if an additional element can be added inside In the context of a single?
#On-PremisesWAF(formerlySecuresphere)
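
The thread describes sessions being tracked by a token or session cookie, and an alert raised when the User-Agent seen on a request differs from the one expected for that session. The check can be illustrated as follows; this is an added example, not code from the thread and not Imperva's implementation, and the token values, IP addresses and the choice to take the first request as the baseline are assumptions.

```python
from dataclasses import dataclass

# Constructed sample requests: (source_ip, session_token, user_agent).
# The token stands in for a session cookie value (hypothetical values); the
# two User-Agent strings are the expected/observed values quoted in the alert.
IE = "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 10.0; WOW64; Trident/7.0)"
CHROME = ("Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 "
          "(KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36")
REQUESTS = [
    ("192.0.2.10", "tok-A", IE),
    ("192.0.2.10", "tok-A", IE),
    ("192.0.2.10", "tok-A", CHROME),    # same token, different browser
    ("192.0.2.44", "tok-B", CHROME),    # new token: new session, no alert
    ("198.51.100.7", "tok-B", CHROME),  # same token, different source IP
]


@dataclass
class Alert:
    token: str
    attribute: str
    expected: str
    observed: str


def detect_attribute_changes(requests):
    """Bind each session token to the attributes of its first request
    (assumed baseline) and report any later request that differs."""
    originating = {}  # token -> {"User-Agent": ..., "Source IP": ...}
    alerts = []
    for ip, token, ua in requests:
        observed = {"User-Agent": ua, "Source IP": ip}
        # The first request for a token becomes its baseline and matches itself.
        baseline = originating.setdefault(token, observed)
        for name, value in observed.items():
            if baseline[name] != value:
                alerts.append(Alert(token, name, baseline[name], value))
    return alerts


if __name__ == "__main__":
    for a in detect_attribute_changes(REQUESTS):
        print(f"{a.attribute} mismatch in session {a.token}:")
        print(f"  Expected Value: {a.expected}")
        print(f"  Observed Value: {a.observed}")
```

Because the session is keyed on the token rather than on the browser, a request that presents the same token from a different browser is still counted as the same session, which is why the change is reported as a mismatch.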