Secure session cookies (instance security hardening)

Use the glide.ui.secure_cookies property to enforce the use of highly secure authentication cookies.

When you set the property is to true, authentication cookies contain only a token, and have no embedded user information.

On the service side, ßit looks up the token in the database, and associates it with a specific user. An authentication cookie can be used a single time only.
Once used, the cookie is invalidated and removed from the database so that it can't be used again. The service then issues a new cookie.

More information


Attribute	Description
Property name	glide.ui.secure_cookies
Configuration type	System Properties (/sys_properties_list.do)
Configure in Instance Security Center	Yes
Purpose	To achieve more secure session authentication.
Recommended value	true
Functional impact	(Low) When the property is set to true, pre-existing, low-security authentication cookies are rejected. When such a cookie is rejected, the user must login again.
Security risk	(High) If you set the property to false, an attacker can exploit low-security authentication cookies, in an attempt to compromise the Now Platform.

To learn more about adding or creating a system property, see Add a system property.

Secure session cookies (instance security hardening)

Use the glide.ui.secure_cookies property to enforce the use of highly secure authentication cookies.

When you set the property is to true, authentication cookies contain only a token, and have no embedded user information.

On the service side, ßit looks up the token in the database, and associates it with a specific user. An authentication cookie can be used a single time only.
Once used, the cookie is invalidated and removed from the database so that it can't be used again. The service then issues a new cookie.


Attribute	Description
Property name	glide.ui.secure_cookies
Configuration type	System Properties (/sys_properties_list.do)
Configure in Instance Security Center	Yes
Purpose	To achieve more secure session authentication.
Recommended value	true
Functional impact	(Low) When the property is set to true, pre-existing, low-security authentication cookies are rejected. When such a cookie is rejected, the user must login again.
Security risk	(High) If you set the property to false, an attacker can exploit low-security authentication cookies, in an attempt to compromise the Now Platform.

To learn more about adding or creating a system property, see Add a system property.