Uploaded image for project: 'Struts 2'
  1. Struts 2
  2. WW-3858

Decouple token names from their respective session attribute names

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.3.4
    • Fix Version/s: 2.3.4.1
    • Component/s: Core Interceptors
    • Labels:
      None

      Description

      Currently token names are used as is to store session attributes for later token check. By namespacing session attributes security can be improved.

        Attachments

          Activity

            People

            • Assignee:
              rgielen Rene Gielen
              Reporter:
              rgielen Rene Gielen
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: