Skip to content
This repository has been archived by the owner on Feb 4, 2021. It is now read-only.

Fix session fixation vulnerability #253

Closed
stevenrombauts opened this issue Oct 27, 2015 · 0 comments
Closed

Fix session fixation vulnerability #253

stevenrombauts opened this issue Oct 27, 2015 · 0 comments
Labels
Milestone

Comments

@stevenrombauts
Copy link
Member

The session id is not being generated after logging in, leaving users vulnerable to session fixation vulnerabilities. After logging on, an existing session should be forked if it's already active to generate a new id.

See:

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Development

No branches or pull requests

2 participants