Improvements #11049

Mitigate issues that may arise from changing the session id

Added by Roel Standaert 26 days ago.

Status: New
Priority: Normal
Assignee: -
Target version:
Start date: 11/07/2022
Due date:
% Done: 0%
Estimated time:
Description

One major downside to the fact that session ids may change (e.g. when logging in, to mitigate session fixation attacks) is that it can cause issues with functions that expect the session id to stay the same, like WServer::post.

We should find a way to fix this, e.g. by adding a session token that changes, which should be provided in the wtd parameter (or in an additional parameter), while the session id stays the same for use in functions like WServer::post.


Related issues

Related to Feature #11036: Thread safe smart (weak) pointer for WApplication - New - 10/31/2022
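
The design proposed in the description, sketched as an added example that is not part of the original issue and is not Wt code: `SessionRegistry` and all of its methods are hypothetical names. The session id stays a stable server-side handle for `WServer::post`-style calls, while the client-facing token (the value a `wtd`-style parameter would carry) is rotated on login.

```cpp
#include <cstdio>
#include <functional>
#include <map>
#include <random>
#include <string>

// Hypothetical model (not Wt code): the session id is a stable server-side
// handle; a separate token authenticates client requests and is rotated.
class SessionRegistry {
public:
    std::string create() {  // new session; returns its stable id
        std::string id = randomHex();
        tokens_[id] = randomHex();
        return id;
    }
    // Current client-facing token (what a wtd-style parameter would carry).
    std::string token(const std::string& id) const { return tokens_.at(id); }
    // Call on login: a token planted before authentication stops resolving.
    std::string rotateToken(const std::string& id) {
        return tokens_.at(id) = randomHex();
    }
    // Request path: map a client-supplied token to the session id.
    bool resolve(const std::string& tok, std::string& idOut) const {
        for (const auto& e : tokens_)
            if (e.second == tok) { idOut = e.first; return true; }
        return false;
    }
    // Server-side path in the style of WServer::post: addressed by the
    // stable id, so callers holding it are unaffected by rotation.
    bool post(const std::string& id, const std::function<void()>& fn) const {
        if (tokens_.find(id) == tokens_.end()) return false;
        fn();
        return true;
    }
private:
    // 128 random bits as hex; std::random_device stands in for a CSPRNG.
    static std::string randomHex() {
        std::random_device rd;
        char buf[9];
        std::string out;
        for (int i = 0; i < 4; ++i) {
            std::snprintf(buf, sizeof buf, "%08x", static_cast<unsigned>(rd()));
            out += buf;
        }
        return out;
    }
    std::map<std::string, std::string> tokens_;  // session id -> current token
};
```

In this model the stable id must never be sent to the client, since only the rotating token is meant to authenticate requests.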

#1

Updated by Roel Standaert 26 days ago

  • Related to Feature #11036: Thread safe smart (weak) pointer for WApplication added
