Fix session fixation vulnerability #253

stevenrombauts · 2015-10-27T18:34:41Z

The session id is not being generated after logging in, leaving users vulnerable to session fixation vulnerabilities. After logging on, an existing session should be forked if it's already active to generate a new id.

See:

stevenrombauts added the security label Oct 27, 2015

stevenrombauts self-assigned this Oct 27, 2015

stevenrombauts pushed a commit that referenced this issue Oct 27, 2015

#253 - Prevent session fixation by forking active sessions on login

648ed92

stevenrombauts mentioned this issue Oct 27, 2015

Fix session fixation vulnerability #254

Merged

johanjanssens added this to the 1.0.1 milestone Oct 27, 2015

johanjanssens unassigned stevenrombauts Oct 27, 2015

johanjanssens closed this as completed Nov 13, 2015

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix session fixation vulnerability #253

Fix session fixation vulnerability #253

stevenrombauts commented Oct 27, 2015

Fix session fixation vulnerability #253

Fix session fixation vulnerability #253

Comments

stevenrombauts commented Oct 27, 2015