Which of the following Spring Security Framework configuration setting will ensure the protection from session fixation attacks by not allowing authenticated user to login again?
In Spring Security, the configuration setting that helps protect against session fixation attacks by migrating the session after the user is authenticated is migrateSession. When this setting is used, Spring Security will ensure that a new session is created upon authentication, thereby invalidating the old session and mitigating the risk of session fixation attacks.
So the correct answer is:
B. session-fixation-protection ="migrateSession"
Here's how you might use it in XML-based Spring Security configuration:
<session-management session-fixation-protection="migrateSession" />
The other options are not standard settings for session fixation protection in Spring Security:
newSessionID: This is not a standard Spring Security setting for session fixation protection.
enabled: While enabling session management is important, this specific value is not used for session fixation protection in Spring Security.
protectSession: This is not a standard Spring Security setting for session fixation protection.
Therefore, migrateSession is the correct choice for protecting against session fixation attacks by ensuring that authenticated users get a new session.
upvoted 2 times
...
This section is not available anymore. Please use the main Exam Page.312-96 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
yawmumma
8 months, 1 week ago