[jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-2105) pluggable conversation id strategy

Marcus Adair (JIRA) jira-events at lists.jboss.org
Wed Oct 17 12:18:03 EDT 2007


    [ http://jira.jboss.com/jira/browse/JBSEAM-2105?page=comments#action_12383080 ] 
            
Marcus Adair commented on JBSEAM-2105:
--------------------------------------

Perhaps I'm mistaken, but according to a test by another member of my team, the conversation id is currently globally incremented, meaning that although it is only valid within a single session, the number is incremented at the application level, so two users in two sessions starting four conversations would have conversation ids 1, 2, 3, and 4. If this is the case then the global increment is precisely what we perceive as a security problem, so I'm in agreement with you, Norman.

From the sounds of it, your perception is that the increment is not global, so I'm going to re-test this myself shortly, and I apologize in advance if we just got that wrong.



> pluggable conversation id strategy
> ----------------------------------
>
>                 Key: JBSEAM-2105
>                 URL: http://jira.jboss.com/jira/browse/JBSEAM-2105
>             Project: JBoss Seam
>          Issue Type: Feature Request
>            Reporter: Norman Richards
>             Fix For: 2.0.1.GA
>
>         Attachments: patch_file
>
>
> Conversation id generation should be managed by a component that can be overridden for specific deployments.  We might even consider providing a more interesting default (or optional) strategy like a GUID.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
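
The behaviour discussed in the comment above, as an added example that is not part of the original message and not Seam's code: an application-wide counter shared by two sessions, beside a GUID-based strategy of the kind the feature request mentions. The ConversationIdStrategy interface, the class names and the session labels are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.atomic.AtomicLong;

public class ConversationIdDemo {
    // Hypothetical pluggable strategy; not Seam's API.
    interface ConversationIdStrategy {
        String nextId();
    }

    // The behaviour described in the comment: one counter for the whole
    // application, shared by every session.
    static class GlobalCounterStrategy implements ConversationIdStrategy {
        private final AtomicLong counter = new AtomicLong();
        public String nextId() {
            return Long.toString(counter.incrementAndGet());
        }
    }

    // GUID-based alternative: random (version 4) UUIDs carry no ordering
    // and reveal nothing about conversations started in other sessions.
    static class GuidStrategy implements ConversationIdStrategy {
        public String nextId() {
            return UUID.randomUUID().toString();
        }
    }

    // Two constructed sessions, A and B, take turns starting conversations.
    // Returns one "session=id" entry per conversation, in start order.
    static List<String> simulate(ConversationIdStrategy strategy) {
        List<String> started = new ArrayList<>();
        for (String session : new String[] {"A", "B", "A", "B"}) {
            started.add(session + "=" + strategy.nextId());
        }
        return started;
    }

    public static void main(String[] args) {
        // With the shared counter, the gap between one session's own ids
        // shows how many conversations other sessions started in between.
        System.out.println("global counter: " + simulate(new GlobalCounterStrategy()));
        System.out.println("guid:           " + simulate(new GuidStrategy()));
    }
}
```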

        


