When the User Connection Identity is not set to "none", you can use this option to ensure that an active session cannot be hijacked by another user. Many measures can be taken to prevent this (see Session Connection Security), but a crafty user with a browser debugger can sometimes get around any prevention!
When this option is checked, the active user identity, as provided by your active IAM option, is verified any time a user reconnects to a session. A reconnect can result from a websocket recovery or from the Track Users Active Sessions and Display Users Active Sessions options, where a user can click on an active session to reconnect.
Un-Checked | User identity will not be verified during a reconnect. In some environments that use "homegrown" user identity, this may be required, as the user identity may not always be available during recovery or when clicking on an active session.
Checked | User identity will be verified on each reconnect, whether by clicking on an active session or by a websocket / Ajax error recovery event.
Note that when a user is not verified during a Strict User check, the following will be displayed (translated if user is not English-speaking):
Network Errors caused loss of connection to your session--if this continues please contact your technical support team
There will also be a log file written to the active FVTerm log folder (default c:\programdata\inventu\fvterm\logs), with the name "wronguser_[cookie name].log" which will contain the client-side websocket log to assist in any diagnostics of how the wrong user event occurred.
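One way to watch for these events is to check the log folder for new "wronguser_" files on a schedule. The script below is an added example, not part of the product or its documentation; the parameter names, the 24-hour look-back window and the non-zero exit code on a hit are assumptions chosen for illustration.

```powershell
# Added example: report "wronguser" logs written after failed Strict User checks.
param(
    # Default FVTerm log folder as stated above; change it if your logs are relocated.
    [string]$LogFolder = 'C:\ProgramData\Inventu\FVTerm\logs',
    # Assumed look-back window, in hours, for what counts as a recent event.
    [int]$Hours = 24
)

function Get-WrongUserEvent {
    param([string]$Folder, [int]$LookbackHours)

    if (-not (Test-Path -LiteralPath $Folder -PathType Container)) {
        Write-Warning "Log folder not found: $Folder"
        return
    }
    $cutoff = (Get-Date).AddHours(-$LookbackHours)

    Get-ChildItem -LiteralPath $Folder -Filter 'wronguser_*.log' -File |
        Where-Object { $_.LastWriteTime -ge $cutoff } |
        ForEach-Object {
            # File name is wronguser_[cookie name].log, so the rest of the
            # base name after the prefix is the cookie name.
            [pscustomobject]@{
                CookieName = $_.BaseName.Substring('wronguser_'.Length)
                LastWrite  = $_.LastWriteTime
                SizeBytes  = $_.Length
                Path       = $_.FullName
            }
        } |
        Sort-Object LastWrite -Descending
}

$events = @(Get-WrongUserEvent -Folder $LogFolder -LookbackHours $Hours)
if ($events.Count -eq 0) {
    Write-Output "No wronguser logs in the last $Hours hour(s)."
} else {
    $events | Format-Table CookieName, LastWrite, SizeBytes -AutoSize
    # Non-zero exit lets a scheduled task or monitoring agent raise an alert.
    exit 1
}
```

Repeated hits for the same cookie name in a short period are worth correlating with the websocket log inside the file and with IAM sign-in records for that session.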