[jboss-jira] [JBoss JIRA] (JBAS-9532) JBOSS Not avoiding Session Fixation

Altaf Hussain (JIRA) jira-events at lists.jboss.org
Tue Apr 9 06:18:42 EDT 2013


Altaf Hussain created JBAS-9532:
-----------------------------------

             Summary: JBOSS Not avoiding Session Fixation
                 Key: JBAS-9532
                 URL: https://issues.jboss.org/browse/JBAS-9532
             Project: Application Server 3  4  5 and 6
          Issue Type: Bug
      Security Level: Public (Everyone can see)
          Components: Security
    Affects Versions: JBossAS-4.2.0.GA
         Environment: Unix
            Reporter: Altaf Hussain
            Assignee: Anil Saldhana
            Priority: Critical


I am using JBOSS 4.2 GA. I am able to fix the session id on the application server. JBOSS is not validating the JSESSIONID value, whether it is generated by itself or not. Is this the expected behaviour of JBOSS?

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
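
The behaviour the report describes, modelled as an added example (it is not part of the original report and is not JBoss code): a session manager that adopts any presented session id, next to one that only honours ids it issued and rotates the id at login. The names `SessionStore`, `strict` and `id_survives_login` and the sample id are constructed for illustration.

```python
import secrets


class SessionStore:
    """Toy model of a container's session manager (hypothetical, not JBoss code)."""

    def __init__(self, strict):
        self.strict = strict      # True = hardened behaviour
        self.sessions = {}        # session id -> attribute dict

    def _new_id(self):
        return secrets.token_hex(16)

    def get_session(self, presented_id=None):
        """Return (session_id, attrs) for a request carrying presented_id."""
        if presented_id in self.sessions:
            return presented_id, self.sessions[presented_id]
        if presented_id and not self.strict:
            sid = presented_id    # permissive: adopt the client-chosen id
        else:
            sid = self._new_id()  # strict: an unknown id is never adopted
        self.sessions[sid] = {}
        return sid, self.sessions[sid]

    def login(self, presented_id, user):
        """Authenticate user; return the session id in use afterwards."""
        sid, attrs = self.get_session(presented_id)
        if self.strict:
            # Rotate: retire the pre-login id, move attributes to a fresh one.
            del self.sessions[sid]
            sid = self._new_id()
            self.sessions[sid] = attrs
        attrs["user"] = user
        return sid

    def user_for(self, presented_id):
        return self.sessions.get(presented_id, {}).get("user")


def id_survives_login(store, pre_login_id, user="alice"):
    """True if an id known before login still maps to the logged-in user."""
    store.login(pre_login_id, user)
    return store.user_for(pre_login_id) == user
```

With `strict=False` the pre-login id still resolves to the authenticated user after login, which is the condition session fixation depends on; with `strict=True` it does not.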

