Session IDs for accessing the user interface
Sessions IDs are used for accessing the user interface. The use of session IDs offers effective protection from attacks, in which an attacker sends unauthorized commands to a web application.
How It Works
A session ID is an identification number which is generated by the FRITZ!Box to assign user queries to a particular session on the user interface. This session ID is saved locally on the user's interface and transmitted to the FRITZ!Box in the form an attributed (Uniform Resource Identifier).
Automatic logout in case of abuse
In addition to the general use of session IDs to increase security, the FRITZ!Box also has active protection enabled against possible attacks.
In the following cases, all active sessions will be closed for security reasons. Access to the FRITZ!Box is not possible until the user logs in again:
- a program is attempting to access the FRITZ!Box without a session ID
- a program is attempting to access the FRITZ!Box with an invalid session ID
- a program is attempting to access the FRITZ!Box permanently
When such programs are running in the background, normal access to the FRITZ!Box user interface is no longer possible. The FRITZ!Box will then regularly request that the user log in again. All programs that access the FRITZ!Box user interface should therefore support session IDs.
Automatic logout when idle
If no browser activity takes place for 20 minutes after a user logs in to the FRITZ!Box user interface, a timeout is activated: the user is automatically logged off the user interface. A new login is required for further access to the FRITZ!Box user interface.