You may have noticed that Password Manager does not currently generate renew the session token during usage. This may be perceived as a vulnerability.
This is by design. Password Manager uses workflows and requires authentication prior to performing other actions. In other words, you cannot bypass previous steps of workflow even if you have valid session id.
An enhancement request 84783 has been created detailing the feature: Clear sessions on timeout or logout, in addition to always issuing new tokens during authentication.
STATUS
The product team will evaluate the request and this feature may become available on a future release of the product.
Please refer to this article for updates or contact support referencing the Enhancement Request ID 84783.
Note this was previously tracked as ID 635787.
© 2023 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center