Add a question that involves a bad jsessionid

arnobl / WebEngineering-INSA

Companion web page of the Web Engineering class at INSA Rennes

GNU General Public License v3.0

3 stars 7 forks source link

Add a question that involves a bad jsessionid #28

Open arnobl opened 5 months ago

arnobl commented 5 months ago

The idea is to forge a request that contains a bad jsessionid (that does not correspond to any authen' user). So Principal object is null and may lead to an NPE in the controller.