---
title: Journey session allowlisting
description: Enable journey session allowlisting to protect journey sessions from replay attacks.
component: pingam
version: 8.1
page_id: pingam:security:auth-session-whitelist
canonical_url: https://docs.pingidentity.com/pingam/8.1/security/auth-session-whitelist.html
keywords: ["Security", "Sessions", "Authentication", "Setup & Configuration"]
page_aliases: ["security-guide:auth-session-whitelist.adoc"]
section_ids:
  proc-configure-auth-session-whitelisting: Configure journey session allowlisting
---

# Journey session allowlisting

Enable journey session allowlisting to protect journey sessions from replay attacks.

When journey session allowlisting is enabled, AM generates a key-value pair for each journey session and stores it for the length of the journey in the following ways:

* For client-side journey sessions, AM stores the key-value pair in the CTS token store.

* For server-side journey sessions, AM creates the key-value pair as a session property in the journey session.

* For in-memory journey sessions, AM creates the key-value pair as a session property in the journey session.

Each time the journey flow reaches an authentication node, AM modifies the value of the stored key-value pair and sends it to the user or client that is progressing through the journey. The next request to AM to continue the journey must contain the key-value pair, and its value must match the value AM expects.

If the user or client can't provide the key-value pair with the value AM expects, AM doesn't continue the journey. This protects the journey against malicious users who try to rewind to a previous node.
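The following Python sketch is an added example, not AM code, that models the rotate-and-verify behavior described above so you can see why a replayed request fails. The class, method names, and journey ID are hypothetical, and leaving the stored value unchanged after a rejected request is an assumption of this model.

```python
import hmac
import secrets


class JourneyAllowlist:
    """Conceptual model of a per-journey allowlist entry (hypothetical, not AM's code)."""

    def __init__(self):
        # journey id -> the value the server expects on the next request
        self._expected = {}

    def start(self, journey_id):
        """Create the entry when the journey starts and return the first value."""
        value = secrets.token_urlsafe(32)
        self._expected[journey_id] = value
        return value

    def advance(self, journey_id, presented):
        """Return the rotated value, or None if the presented value is missing or stale."""
        expected = self._expected.get(journey_id)
        if expected is None or presented is None:
            return None
        # Constant-time comparison of the presented value and the stored value.
        if not hmac.compare_digest(expected.encode(), presented.encode()):
            return None
        # Rotate on every accepted step so the previous value can't be reused.
        new_value = secrets.token_urlsafe(32)
        self._expected[journey_id] = new_value
        return new_value

    def end(self, journey_id):
        """Remove the entry; it only lives for the length of the journey."""
        self._expected.pop(journey_id, None)


def demo():
    """Walk a constructed journey, then replay an earlier step's value."""
    allowlist = JourneyAllowlist()
    v0 = allowlist.start("journey-1")            # constructed journey id
    v1 = allowlist.advance("journey-1", v0)      # first node accepted, value rotated
    v2 = allowlist.advance("journey-1", v1)      # second node accepted, value rotated
    replay = allowlist.advance("journey-1", v1)  # rewind attempt with a stale value
    allowlist.end("journey-1")
    after_end = allowlist.advance("journey-1", v2)  # entry is gone once the journey ends
    return v1 is not None, v2 is not None, replay, after_end


if __name__ == "__main__":
    print(demo())
```
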

Perform the following steps to configure journey session allowlisting:

## Configure journey session allowlisting

1. Go to Realms > *realm name* > Authentication > Settings > Trees.

2. Choose Enable Allowlisting.

3. Click Save.
