Project

General

Profile

Bug #1704

session identifier can get into URL, when link is clicked before page completely loaded

Added by Boris Nagaev over 7 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Start date:
02/16/2013
Due date:
% Done:

0%

Estimated time:

Description

I opened http://www.webtoolkit.eu/wt/ and clicked "Blog" link as soon as possible. Address in address bar was changed to http://www.webtoolkit.eu/wt/blog?wtd=2bekcaGD1Ay9GKw2n0WCk0RMFI9EXu4I. In this case any external resource (i.e., image) can steal session identifier.

Browser version 24.0.1312.70.

#1

Updated by Koen Deforche over 7 years ago

  • Status changed from New to Resolved
  • Assignee set to Koen Deforche

Hey,

This has been fixed in 3.3.0 (which we did not yet deploy on our homepage as we are migrating to a new VPS).

Regards,

koen

#2

Updated by Koen Deforche over 7 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF