Struts 2
  1. Struts 2
  2. WW-3858

Decouple token names from their respective session attribute names

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.3.4
    • Fix Version/s: 2.3.4.1
    • Component/s: Core Interceptors
    • Labels:
      None

      Description

      Currently token names are used as is to store session attributes for later token check. By namespacing session attributes security can be improved.

        Activity

          People

          • Assignee:
            Rene Gielen
            Reporter:
            Rene Gielen
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development