[WAVE-133] Security: We need to generate a new session id when user logs in. - ASF JIRA

Add vote

Watch issue

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Minor
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: Server
Labels:
- security

Description

We are should generate a new session see code here:
http://code.google.com/p/wave-protocol/source/browse/src/org/waveprotocol/box/server/rpc/AuthenticationServlet.java#127

This can be a security vulnerability.

—
Issue imported from http://code.google.com/p/wave-protocol/issues/detail?id=132

Owner: so...@google.com
Label: Type-Defect
Label: Priority-Medium
Stars: 1
State: open
Status: Accepted

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Anonymous

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 28/Apr/11 18:24

Updated:: 20/Apr/15 22:47

Agile

Slack

Issue deployment