  1. camunda BPM
  2. CAM-9089

Session ID is reused

    Description

      Reproduce:

      • Login to any webapp
      • Take note of the session ID (Cookie JSESSIONID)
      • Logout
      • Login again

      Expected:

      • New session ID is different from the first session ID

      Observed:

      • Same session ID is used

      Hints:

      • The session cookie is set to expire at the end of the session. In most browsers this is when all browser windows are closed
      • The current behavior allows a user to steal another user's session in a scenario where both users share the same computer and browser
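An added example, not part of the original report and not Camunda's code: a simplified Python model of the four reproduce steps, run once with the reported behaviour and once against a server that issues a fresh session ID on every login and invalidates the session on logout. The `SessionStore` class, the user names, and the assumption that the reported logout only clears the authenticated user while keeping the session are hypothetical.

```python
import secrets


class SessionStore:
    """Toy server-side session table keyed by the JSESSIONID cookie value."""

    def __init__(self, rotate_ids):
        self.rotate_ids = rotate_ids  # False models the behaviour reported in the issue
        self.sessions = {}            # session id -> authenticated user, or None

    def _new_id(self):
        sid = secrets.token_hex(16)
        self.sessions[sid] = None
        return sid

    def login(self, cookie_sid, user):
        if self.rotate_ids or cookie_sid not in self.sessions:
            # Hardened path: never authenticate under an ID the browser already held.
            self.sessions.pop(cookie_sid, None)
            cookie_sid = self._new_id()
        self.sessions[cookie_sid] = user
        return cookie_sid             # value the server sends back in Set-Cookie

    def logout(self, cookie_sid):
        if self.rotate_ids:
            self.sessions.pop(cookie_sid, None)  # invalidate the whole session
        elif cookie_sid in self.sessions:
            self.sessions[cookie_sid] = None     # assumed: only the login is cleared

    def whoami(self, cookie_sid):
        return self.sessions.get(cookie_sid)


def reproduce(rotate_ids):
    """Run the issue's steps with one shared browser; return (noted, current, owner)."""
    store = SessionStore(rotate_ids)
    jar = store.login(None, "alice")  # 1. login (constructed user name)
    noted = jar                       # 2. take note of JSESSIONID
    store.logout(jar)                 # 3. logout; the session cookie stays in the browser
    jar = store.login(jar, "bob")     # 4. second user logs in from the same browser
    return noted, jar, store.whoami(noted)
```

With `rotate_ids=False` the noted ID equals the current one and resolves to the second user's session; with `rotate_ids=True` the noted ID differs from the current one and resolves to nothing.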


            People

              michael.schoettes Michael Schoettes
              sebastian.stamm Sebastian Stamm