1. Session safety

    Article: AN0002331Updated: 25.03.2019

    When Forms authentication is used, setting SessionSafety in the file web.config enables to manage level of security for the user session for applications of various type and requirements on security. When Windows authentication is used, this setting has no effect.

    There are three modes available:

    Value ObjectGears instance behaviour
    None Application enables access from more IP addresses and more Sessions for a single user.
    NoIPChangePerSession Application enables access from more IP addresses and more Sessions for a single user. However, once IP is changed for some session, user is logged off from the given session nad has to logon again. Sessions where IP was not changed are still available and the user does not need to logon for them again.
    OneSessionOneIP Highest protection - application enables access from one IP and one Session for a single user. When IP or session is changed, the user has to logon again. Logon in one session (e.g. Chrome), results in log off from other sessions (another browser - e.g. Firefox, IE, Edge or another device).


    Choose the appropriate mode according to your requirements on security (level of elimination of potential threats) and comfort for the user (possibility to work with one account from more browsers/devices or to move between network providers without need to logon again).