[jboss-user] [JBoss Seam] - Is "remember me" cookie vulnerable
amitev
do-not-reply at jboss.com
Sun Jun 24 17:59:18 EDT 2007
Hi! I just played a little with the remember cookie. I've created a login page and a checkbox for remember me. When I logged in I saw the cookie in the browser:
cookie name: org.jboss.seam.security.username
content: <my username here>
Then I opened a new instance of the browser and opened the site, and I was logged in automatically.
So, the question is: if someone creates his own cookie with my username, would he be logged in to Seam with my session?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4057212#4057212
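The design question raised in the post, as an added example that is not part of the original message and is not Seam's code: a remember-me cookie that carries only a username is an identifier, not a credential, whereas a random server-issued token is checked against server-side state. The names `USERS`, `naive_login` and `RememberMeStore` are hypothetical, the accounts are constructed sample data, and nothing here describes how Seam itself validates its cookie.

```python
import hashlib
import secrets

USERS = {"alice", "bob"}  # constructed sample accounts


def naive_login(cookie_value):
    """Weak form: the cookie value is trusted as the username itself."""
    return cookie_value if cookie_value in USERS else None


class RememberMeStore:
    """Hardened form: the cookie holds a random token; the server keeps
    only SHA-256(token) -> username, so a leaked table cannot be replayed."""

    def __init__(self):
        self._by_digest = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, username):
        """Create a token for a user who just authenticated with a password."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._by_digest[self._digest(token)] = username
        return token

    def redeem(self, cookie_value):
        """Return (username, replacement_token), or (None, None) if unknown.
        Each token is single-use: it is deleted and replaced on redemption."""
        username = self._by_digest.pop(self._digest(cookie_value), None)
        if username is None:
            return None, None
        return username, self.issue(username)

    def revoke_all(self, username):
        """Drop every token for a user, e.g. on logout or password change."""
        self._by_digest = {d: u for d, u in self._by_digest.items()
                           if u != username}


if __name__ == "__main__":
    store = RememberMeStore()
    token = store.issue("alice")
    print("naive, username as cookie :", naive_login("alice"))
    print("store, username as cookie :", store.redeem("alice"))
    print("store, issued token       :", store.redeem(token)[0])
    print("store, same token again   :", store.redeem(token))
```

In a deployment the cookie would also be set with the `Secure` and `HttpOnly` attributes, and sensitive actions would still require the password.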