Improvements #11049

open

Mitigate issues that may arise from changing the session id

Added by Roel Standaert about 2 years ago.

Status: New
Priority: Normal
Assignee: -
Target version:
Start date: 11/07/2022
Due date:
% Done: 0%
Estimated time:

Description

One major downside to the fact that session ids may change (e.g. when logging in, to mitigate session fixation attacks) is that it can cause issues with functions that expect the session id to stay the same, like WServer::post.

We should find a way to fix this, e.g. by adding a session token that changes, which should be provided in the wtd parameter (or in an additional parameter), while the session id stays the same for use in functions like WServer::post.
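
A sketch of the split proposed in this issue, added here as an illustration and not taken from the issue or from Wt's code: a stable id keys server-side operations while a separate token rotates at login. The class `SessionRegistry` and all of its methods are hypothetical, and the sketch assumes the stable id is never sent to the browser.

```cpp
#include <functional>
#include <map>
#include <random>
#include <string>
#include <vector>

// Hypothetical sketch, not Wt's API. Assumption: the stable id stays
// server-side; only the rotating token is sent to the browser.
class SessionRegistry {
public:
    // Returns the stable id; the first client token is written to tokenOut.
    std::string create(std::string& tokenOut) {
        std::string id = randomHex();
        tokenOut = randomHex();
        tokenToId_[tokenOut] = id;
        queues_[id];  // empty work queue for this session
        return id;
    }
    // Called at login: invalidate the old token, keep the stable id.
    std::string rotateToken(const std::string& oldToken) {
        auto it = tokenToId_.find(oldToken);
        if (it == tokenToId_.end()) return "";
        std::string id = it->second, fresh = randomHex();
        tokenToId_.erase(it);
        tokenToId_[fresh] = id;
        return fresh;
    }
    // Request path: map the presented token to a stable id ("" if unknown).
    std::string resolve(const std::string& token) const {
        auto it = tokenToId_.find(token);
        return it == tokenToId_.end() ? "" : it->second;
    }
    // Server-side path, analogous to posting work to a session by id.
    bool post(const std::string& id, const std::function<void()>& fn) {
        auto it = queues_.find(id);
        if (it == queues_.end()) return false;
        it->second.push_back(fn);
        return true;
    }
    std::size_t pending(const std::string& id) const { return queues_.count(id) ? queues_.at(id).size() : 0; }
private:
    static std::string randomHex() {  // 128 bits from the OS entropy source
        std::random_device rd;
        std::string s;
        for (int i = 0; i < 32; ++i) s += "0123456789abcdef"[rd() & 15];
        return s;
    }
    std::map<std::string, std::string> tokenToId_;  // client token -> stable id
    std::map<std::string, std::vector<std::function<void()>>> queues_;
};
```

A caller that stored the stable id before login can keep posting to it after `rotateToken`, while a request that presents the pre-login token no longer resolves to any session.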


Related issues 1 (1 open, 0 closed)

Related to Feature #11036: Thread safe smart (weak) pointer for WApplication (New, 10/31/2022)

#1

Updated by Roel Standaert about 2 years ago

  • Related to Feature #11036: Thread safe smart (weak) pointer for WApplication added