Applicable to: Futurama Website



In case the Futurama Website module is used it is possible to configure additional security settings. These settings are set in the security-section of the configuration file.



Within the element the next code has to be included:


Next to this code, also within the element the next code has to be included:

The futuramaSettings element is the general part for more configuration settings. Within this element the server element is set.


Within the security/web element some attributes can be set. Below the possible values of these attributes.


If set to true, Futurama verifies that subsequent requests are sent by the same user.


If set to true, the IP address of the remote user is included in the verification check. If the ip address was changed during the session, the session is aborted and abandoned by Futurama, also if this was unintentionally. For example, a change from a wired to a wireless connection would change the users IP address and thus end the session. In case do not have the security section in your web.config, includeIPaddress defaults to True.


This number defines the maximum number of sessions that Futurama allows. The default is 0, and means an unlimited number of sessions. If you specify a number, all requests for new sessions after the maximum number of sessions is reached will be transferred to the defined throttle page. With this setting you can reduce the risk of an attacker trying to flood the server with sessions.


This setting is only used when maxNumberOfSessions is greater than 0. When the maximum number of sessions is reached, the subsequent requests will be transferred to throttlepage. In the example we created a static HTML page TooManyUsers.htm and placed it in the root folder of the Futurama  installation.

allowSettingUservariablesThroughUrl (Futurama 2016.11 +)

This setting is for backwards compatibility and is deprecated. The default value is “False”.

onlyAllowCallsToVisibleButtons (Futurama 2016.11 +)

This property can be set to False to allow hardcoded links to buttonclick urls where the button is not present on the current page (e.g:

<a href="default.aspx?button=1231">

). The default value is “True”. See for more information the Compatibility paragraph below.

removeRequestParametersOnLogin(Futurama 2018.10 +)

This property can be set to True to remove all request parameters when the user is redirected from the login page to the startpage. This setting is only applicable when using Forms Authentication.


Before Futurama 20.16.11, it was possible to generate a tag within the text in an XML Converter that contained a link to a buttonclick (e.g: 'default.aspx?button=3124') which would execute the button click, regardless of the button location. From Futurama 6.0 this is only allowed if the button is present on the current webpage. Older applications that contain links to buttons on other webpages can be made functional by setting the 'onlyAllowCallsToVisibleButtons' to 'False', but this would consist of a security risk. A better solution is by creating a reference to the target button on the desired webpage, and using CSS to make them invisible.

Related Topics

- Cache: Settings regarding the caching of Futurama documents

- Debug: Settings to debug while developing with Futurama

- Format: Format settings of Futurama

- Identity provider: Settings how to use an external identity provider for determining the access to a website

- Log: Settings for displaying errors, warnings, information messages and developers messages

- Mail: Definition of the mailserver that is used to send e-mails with Futurama Vision

- Mapping: Settings for default locations of Futurama files

- Monitor: Settings for getting session information

- Rendering: Settings to allow Futurama to generate customized HTML

- Server: Settings when using Futurama Export either in server or in batch mode

- Vision: Configuration of the connection between Futurama and Futurama Vision


If you have any questions about this subject or if you want to provide us feedback please send us an e-mail.

Updated: 2015-04-23