AWS Security ChangesHomeSearch

AWS appstream2 documentation change

Service: appstream2 · 2025-11-07 · Documentation low

File: appstream2/latest/developerguide/cookie-auth.md

Summary

Updated product name references from 'Amazon AppStream 2.0' to 'Amazon WorkSpaces Applications' throughout the document

Security assessment

The changes are purely branding updates replacing 'AppStream 2.0' with 'WorkSpaces Applications'. No security content was added or modified beyond product name changes. The existing security recommendations about cookie authentication remain unchanged in substance.

Diff

diff --git a/appstream2/latest/developerguide/cookie-auth.md b/appstream2/latest/developerguide/cookie-auth.md
index 89b4b82e2..bd85df27b 100644
--- a//appstream2/latest/developerguide/cookie-auth.md
+++ b//appstream2/latest/developerguide/cookie-auth.md
@@ -3 +3 @@
-[Documentation](/index.html)[Amazon AppStream 2.0](/appstream2/index.html)[Administration Guide](what-is-appstream.html)
+[Documentation](/index.html)[Amazon WorkSpaces Applications](/appstream2/index.html)[Administration Guide](what-is-appstream.html)
@@ -5 +5 @@
-# Cookie-Based Authentication in Amazon AppStream 2.0
+# Cookie-Based Authentication in Amazon WorkSpaces Applications
@@ -7 +7 @@
-AppStream 2.0 uses browser cookies to authenticate streaming sessions and allow users to reconnect to an active session without re-entering their sign-in credentials every time. Authentication tokens are stored in browser cookies for every authentication scenario. While cookies are necessary for many online services, they can potentially be vulnerable to cookie theft attacks. We strongly recommend that you take proactive measures to prevent cookie theft, such as implementing robust endpoint protection solutions for your users' devices. Furthermore, to mitigate the potential impact in the event of cookie theft, we advise you to consider the following actions:
+WorkSpaces Applications uses browser cookies to authenticate streaming sessions and allow users to reconnect to an active session without re-entering their sign-in credentials every time. Authentication tokens are stored in browser cookies for every authentication scenario. While cookies are necessary for many online services, they can potentially be vulnerable to cookie theft attacks. We strongly recommend that you take proactive measures to prevent cookie theft, such as implementing robust endpoint protection solutions for your users' devices. Furthermore, to mitigate the potential impact in the event of cookie theft, we advise you to consider the following actions:
@@ -9 +9 @@ AppStream 2.0 uses browser cookies to authenticate streaming sessions and allow
-  * **Enforce single-session limit** : For your AppStream 2.0 Windows images, create a registry key under `HKEY_USERS\S-1-5-18\Software\GSettings\com\nicesoftware\dcv\session-management` with the name **max-concurrent-clients** set to 1 to only allow one connection at a time. This limits the number of concurrent session to one, and blocks mirroring of active sessions. For more information, see [session-management Parameters](https://docs.aws.amazon.com/dcv/latest/adminguide/config-param-ref.html#session_management).
+  * **Enforce single-session limit** : For your WorkSpaces Applications Windows images, create a registry key under `HKEY_USERS\S-1-5-18\Software\GSettings\com\nicesoftware\dcv\session-management` with the name **max-concurrent-clients** set to 1 to only allow one connection at a time. This limits the number of concurrent session to one, and blocks mirroring of active sessions. For more information, see [session-management Parameters](https://docs.aws.amazon.com/dcv/latest/adminguide/config-param-ref.html#session_management).
@@ -15 +15 @@ AppStream 2.0 uses browser cookies to authenticate streaming sessions and allow
-    * To help maximize security, users should end sessions properly with the toolbar (terminate session), instead of closing the streaming window. Ending the session through the toolbar terminates both the user session and the streaming instance. This requires re-authentication for future access, preventing cookie misuse. If a user closes the streaming window without ending the session, the session and instance remains active for a configurable disconnect timeout period (in minutes). The disconnect timeout must be a number between 1 and 5760, with a default value of 15 minutes. To prevent misuse of inactive sessions, we recommend setting a short disconnect timeout. For more information, see [Create a Fleet in Amazon AppStream 2.0](./set-up-stacks-fleets-create.html).
+    * To help maximize security, users should end sessions properly with the toolbar (terminate session), instead of closing the streaming window. Ending the session through the toolbar terminates both the user session and the streaming instance. This requires re-authentication for future access, preventing cookie misuse. If a user closes the streaming window without ending the session, the session and instance remains active for a configurable disconnect timeout period (in minutes). The disconnect timeout must be a number between 1 and 5760, with a default value of 15 minutes. To prevent misuse of inactive sessions, we recommend setting a short disconnect timeout. For more information, see [Create a Fleet in Amazon WorkSpaces Applications](./set-up-stacks-fleets-create.html).
@@ -17 +17 @@ AppStream 2.0 uses browser cookies to authenticate streaming sessions and allow
-  * **Limit access to stream AppStream 2.0 applications to your IP ranges** : We recommend that you implement IP-based IAM policies. This ensures that AppStream 2.0 sessions can only be accessed from clients whose IP address belongs to an authorized IP range. All connection attempts initiated by a user whose client's IP address is outside an authorized range will be denied, even if they are presenting an otherwise valid authentication cookie (potentially stolen from a user). For more information, see [Limit access to stream Amazon AppStream 2.0 applications to your IP ranges](https://aws.amazon.com/blogs/desktop-and-application-streaming/limit-access-to-stream-amazon-appstream-2-0-applications-to-your-ip-ranges/).
+  * **Limit access to stream WorkSpaces Applications applications to your IP ranges** : We recommend that you implement IP-based IAM policies. This ensures that WorkSpaces Applications sessions can only be accessed from clients whose IP address belongs to an authorized IP range. All connection attempts initiated by a user whose client's IP address is outside an authorized range will be denied, even if they are presenting an otherwise valid authentication cookie (potentially stolen from a user). For more information, see [Limit access to stream Amazon AppStream 2.0 applications to your IP ranges](https://aws.amazon.com/blogs/desktop-and-application-streaming/limit-access-to-stream-amazon-appstream-2-0-applications-to-your-ip-ranges/).
@@ -19 +19 @@ AppStream 2.0 uses browser cookies to authenticate streaming sessions and allow
-  * **Add additional authentication** : To launch domain-joined streaming instances, you can join your AppStream 2.0 Always-On and On-Demand Windows fleets and image builders to domains in Microsoft Active Directory, and use your existing Active Directory domains, either cloud-based or on-premises. After the initial SAML-based authentication, your users will be prompted to provide their domain credentials for additional authentication against the organizational domain. For more information, see [Using Active Directory with AppStream 2.0](./active-directory.html).
+  * **Add additional authentication** : To launch domain-joined streaming instances, you can join your WorkSpaces Applications Always-On and On-Demand Windows fleets and image builders to domains in Microsoft Active Directory, and use your existing Active Directory domains, either cloud-based or on-premises. After the initial SAML-based authentication, your users will be prompted to provide their domain credentials for additional authentication against the organizational domain. For more information, see [Using Active Directory with WorkSpaces Applications](./active-directory.html).