**LE Version 7.1+:**
-----------------------------
Since version 7.1 the Ivy Engine is able to reuse the authenticated session for the REST service call. This was implemented with [XIVY-1183][1].
Note that the Engine will check for the CSRF (X-Requested-By) mitigation in the header. See chapter [Engine REST Integration][2] in our documentation.
**LTS Version 7.0.11+:**
-----------------------------
We now will apply applied these changes to the LTS version 7.0.11 (story [XIVY-3119][3]).
Note that by default this feature is switched off and the Engine is also not checking for the CSRF header token.
In order to enable the session reuse you need to set the following Java system properties to `true`:
- `IVY_REST_SERVLET_SESSION_REUSE`
- `IVY_REST_SERVLET_CSRF_PROTECTION`
For security reasons it is highly recommended to enable the CSRF mitigation when enabling the REST session reuse.
[1]: https://jira.axonivy.com/jira/browse/XIVY-1183
[2]: https://developer.axonivy.com/doc/latest/DesignerGuideHtml/ivy.integration.html#ivy-integration-rest
[3]: https://jira.axonivy.com/jira/browse/XIVY-3119
