CSRF ONLY works at HttpSession level

Hi, experts

Through my experiment on the webMethods DEV Integration Server, when I turned ON CSRF, CSRF only works in the current session.

If I refresh the DSP page or log in with a new session, the CSRF function goes off (I can access the DSP page).

In conclusion, CSRF works ONLY inside the HTTP session.

Please let me know how to solve this issue.

Thanks

Leon

Hi Leon,
What do you mean by "CSRF function goes off"? Does it mean that when you refresh the DSP page you don't see the CSRF token? What is the Integration Server version you are using?

Generally, after enabling the CSRF guard in IS (Security > CSRF Guard), you should refresh the home page, and then all access to any page will have the CSRF token. And even after logout and login, CSRF is enabled.

Thanks.
