When using REST services, you want to prevent the processing of malicious site requests. Oracle ATG Web Commerce platform uses a request parameter _dynSessConf, which contains a session confirmation number, to verify that a request is legitimate. For further information on session confirmation numbers, and the warnings that occur if the request is not legitimate, refer to the DAFDropletEventServlet section of the ATG Platform Programming Guide.

For Development Purposes Only: The Dynamo session confirmation numbers are required to ensure that your REST sessions remain secure. During your development process, you may not want to use these numbers because session confirmation numbers must be passed in for all form actors and component actors that will set property values. Should you elect to turn them off for development, you must turn them back on when you put your code into production. To disable the session confirmation numbers, set the enforceSessionConfirmation parameter in your local /atg/dynamo/service
file to false. For additional information, refer to The Form Element and The Component Element sections. For information on getting the Dynamo session confirmation number, refer to the Getting the Session Confirmation Number section.

Copyright © 1997, 2013 Oracle and/or its affiliates. All rights reserved. Legal Notices