  1. camunda BPM
  2. CAM-9089

Session ID is reused


    Details

      Description

      Reproduce:

      • Login to any webapp
      • Take note of the session ID (Cookie JSESSIONID)
      • Logout
      • Login again

      Expected:

      • New session ID is different from the first session ID

      Observed:

      • Same session ID is used

      Hints:

      • The session cookie is set to expire at the end of the session. In most browsers this is when all browser windows are closed
      • The current behavior allows a user to steal another user's session in a scenario where both users share the same computer and browser


            People

            Assignee:
            michael.schoettes Michael Schoettes
            Reporter:
            sebastian.stamm Sebastian Stamm
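
The four reproduction steps from the description, modelled as an added Python example (not part of the original report and not Camunda code): a toy in-memory webapp run once with the observed behaviour and once with the session invalidated on logout and a fresh ID issued on login. The `WebApp` class, its `rotate_session_id` flag and the user names are constructed for illustration.

```python
import secrets


class WebApp:
    """Toy in-memory webapp (constructed model, not Camunda code)."""

    def __init__(self, rotate_session_id):
        self.rotate_session_id = rotate_session_id
        self.sessions = {}  # session ID -> authenticated user, or None

    def _new_session(self):
        sid = secrets.token_hex(16)
        self.sessions[sid] = None
        return sid

    def login(self, cookie, user):
        """Authenticate `user`; return the session ID the browser holds afterwards."""
        if cookie in self.sessions and not self.rotate_session_id:
            sid = cookie                      # observed behaviour: ID is reused
        else:
            self.sessions.pop(cookie, None)   # drop any pre-login session
            sid = self._new_session()         # expected behaviour: fresh ID
        self.sessions[sid] = user
        return sid

    def logout(self, cookie):
        """Log out; return the session cookie the browser still holds, if any."""
        if self.rotate_session_id:
            self.sessions.pop(cookie, None)   # invalidate the session server-side
            return None
        self.sessions[cookie] = None          # only the login state is cleared
        return cookie

    def whoami(self, cookie):
        return self.sessions.get(cookie)


def reproduce(app):
    """Run the ticket's four steps in one browser shared by two users."""
    first = app.login(None, "alice")    # login, take note of the session ID
    cookie = app.logout(first)          # logout
    second = app.login(cookie, "bob")   # login again
    # Also report which user the ID noted in step 2 resolves to now.
    return first, second, app.whoami(first)
```

With `rotate_session_id=False` the ID noted before logout is the one the second login ends up using; with `rotate_session_id=True` it no longer resolves to any session.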