The property com.openexchange.cookie.hash is added to the configuration file It configures if the hash for the cookie validation is calculcated on every request or simply remembered in the session object. Calculating the hash value is more secure because changes in the User-Agent HTTP header lead to a session invalidation. Those changes are ignored if the hash is used from the session.

Possible side effects of the hash calculation on every request may be more frequent session invalidation. If that takes place switch the property to remember the hash in the session.