Project

General

Profile

Actions
Copy link

Bug #1704

closed

session identifier can get into URL, when link is clicked before page completely loaded

Added by Boris Nagaev about 11 years ago. Updated about 11 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Koen Deforche
Target version:
3.3.0
Start date:
02/16/2013
Due date:
% Done:

0%

Estimated time:

Description

I opened http://www.webtoolkit.eu/wt/ and clicked "Blog" link as soon as possible. Address in address bar was changed to http://www.webtoolkit.eu/wt/blog?wtd=2bekcaGD1Ay9GKw2n0WCk0RMFI9EXu4I. In this case any external resource (i.e., image) can steal session identifier.

Browser version 24.0.1312.70.

Actions
Copy link
 #1

Updated by Koen Deforche about 11 years ago

  • Status changed from New to Resolved
  • Assignee set to Koen Deforche

Hey,

This has been fixed in 3.3.0 (which we did not yet deploy on our homepage as we are migrating to a new VPS).

Regards,

koen

Actions
Copy link
 #2

Updated by Koen Deforche about 11 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF