aaroneiche / do-want

Do Want - Open Source Gift Registry

Item Detail requests honored without valid session #116

Closed aaroneiche closed 8 years ago

aaroneiche commented 8 years ago

If a session is cleared or destroyed, requests for item details are still received and returned to the front end. Aside from a security weakness, the lack of the user id in the backend means that reservation data is revealed to the front end.

aaroneiche commented 8 years ago

Fixed in 13ef1ee2
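
The failure mode reported in this issue, as an added example: it is not the project's code and not the contents of commit 13ef1ee2. It assumes a hypothetical handler that hides reservation data by comparing the session's user id with the item owner; the function names, the `ITEMS` store and the sample data are all constructed for illustration.

```python
# Hypothetical model of an item-detail handler; all names and data are constructed.
ITEMS = {
    7: {"id": 7, "owner_id": 1, "name": "Teapot", "reserved_by": 2},
}
PUBLIC_FIELDS = ("id", "owner_id", "name")


class Unauthorized(Exception):
    """Raised when a request arrives without a valid session."""


def item_detail_unchecked(session, item_id):
    """Flawed pattern: the handler never verifies that a session exists."""
    viewer = session.get("user_id")  # None once the session is cleared
    item = dict(ITEMS[item_id])
    # The owner filter only strips reservation data when viewer == owner.
    # With viewer == None the comparison is False, so the data leaks.
    if viewer == item["owner_id"]:
        item.pop("reserved_by", None)
    return item


def item_detail_checked(session, item_id):
    """Hardened pattern: reject missing sessions, then fail closed."""
    viewer = session.get("user_id")
    if viewer is None:
        raise Unauthorized("no valid session")
    item = ITEMS[item_id]
    # Start from an allow-list of fields that any logged-in user may see.
    response = {field: item[field] for field in PUBLIC_FIELDS}
    # Reservation data is added only for an authenticated non-owner.
    if viewer != item["owner_id"]:
        response["reserved_by"] = item["reserved_by"]
    return response


if __name__ == "__main__":
    cleared = {}  # constructed: session after logout or expiry
    print("unchecked, no session:", item_detail_unchecked(cleared, 7))
    try:
        item_detail_checked(cleared, 7)
    except Unauthorized as exc:
        print("checked, no session: rejected,", exc)
    print("checked, owner:", item_detail_checked({"user_id": 1}, 7))
    print("checked, other user:", item_detail_checked({"user_id": 2}, 7))
```
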