Security settings (JSP-Loginapp migration)

The following table provides information about the availability of JSP-Loginapp features in the Loginapp REST UI and high-level migration hints (where available).

Information about the availability of upcoming releases is indicative and subject to change.

Please note the additional information on discontinued functions (see link below).

Security settings



Description and migration hints

CSRF protection


Cross-site request forgery protection.

Migration hint

Configured in Loginapp >> REST Settings >> CSRF Protection.



Content security policy.

Migration hint

Configured in Loginapp >> UI Settings >> Loginapp REST UI Content Security Policy (CSP).

Store password in session ticket


Store password entered during authentication in the session (encrypted with a session key). This is necessary if the ID propagation requires the password.

Migration hint

See Password Attribute Key in the Username Password Authentication Step.

Behavior Upon Existing Session


Defines what happens when a user already has another open Loginapp session when logging in.

Migration hint

Configured in Loginapp >> Authentication Flows >> Behaviour Upon Existing Session.

Supports only non-interactive behaviors (Ignore Existing Session, Destroy Other User Session, Destroy Multiple Existing Sessions) but not the plugin Use Existing User Session Page.