Loading...

XML

Word

Printable

Type: Bug Report
Resolution: Fixed
Priority: L3 - Default
Fix Version/s: 7.10.0, 7.8.7, 7.9.1, 7.10.0-alpha1
Affects Version/s: None
Component/s: engine
Labels:
- SUPPORT

Reproduce:

Login to any webapp
Take note of the session ID (Cookie JSESSIONID)
Logout
Login again

Expected:

New session ID is different from the first session ID

Observed:

Same session ID is used

Hints:

The session cookie is set to expire at the end of the session. In most browsers this is when all browser windows are closed
The current behavior allows an user to steal another users session in a scenario where both users share the same computer and browser

This is the controller panel for Smart Panels app

Assignee:: Michael Schoettes

Reporter:: Sebastian Stamm

Votes:: 1 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 17/May/18 4:32 PM

Updated:: 03/Jul/18 10:51 AM

Resolved:: 07/Jun/18 2:34 PM