eclipse-ee4j / mojarra

Mojarra, a Jakarta Faces implementation

The jfwid contains the session ID #5375

Closed jasondlee closed 4 months ago

jasondlee commented 6 months ago

The client window ID generated in ClientWindowImpl contains the session ID, which is not needed for this functionality, and exposure of the session ID can be used to compromise security. This method should be modified, then, so as not to use the session. PR incoming.

arjantijms commented 6 months ago

+1 indeed for not leaking the session ID anyway, and even more so when it's not needed.
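As an added illustration of the fix being asked for (this is not Mojarra's ClientWindowImpl nor the code from the PR), the following hypothetical ClientWindow subclass derives the jfwid value from a CSPRNG and never touches the HTTP session, so the window id cannot carry the session ID; it assumes the standard jakarta.faces.lifecycle.ClientWindow contract (decode, getId, getQueryURLParameters) and the jfwid parameter name published as ResponseStateManager.CLIENT_WINDOW_URL_PARAM.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Collections;
import java.util.Map;
import java.util.regex.Pattern;

import jakarta.faces.context.FacesContext;
import jakarta.faces.lifecycle.ClientWindow;
import jakarta.faces.render.ResponseStateManager;

/**
 * Hypothetical ClientWindow (example code, not Mojarra's implementation).
 * The id is an opaque 128-bit random token; no session lookup is involved,
 * so nothing about the session can be inferred from the jfwid in a URL.
 */
public class OpaqueClientWindow extends ClientWindow {

    private static final SecureRandom RNG = new SecureRandom();
    private static final int ID_BYTES = 16;
    // URL-safe base64 without padding: 16 bytes encode to exactly 22 characters.
    private static final Pattern VALID_ID = Pattern.compile("^[A-Za-z0-9_-]{22}$");

    private String id;

    static String newOpaqueId() {
        byte[] raw = new byte[ID_BYTES];
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    @Override
    public void decode(FacesContext context) {
        // The jfwid coming back from the browser is client-controlled input:
        // only accept it if it has the exact shape we generate, otherwise
        // mint a fresh id rather than echoing arbitrary text into URLs.
        String fromRequest = context.getExternalContext()
                .getRequestParameterMap()
                .get(ResponseStateManager.CLIENT_WINDOW_URL_PARAM);
        id = (fromRequest != null && VALID_ID.matcher(fromRequest).matches())
                ? fromRequest
                : newOpaqueId();
    }

    @Override
    public String getId() {
        return id;
    }

    @Override
    public Map<String, String> getQueryURLParameters(FacesContext context) {
        return Collections.emptyMap(); // no extra parameters beyond jfwid
    }
}
```

The format check in decode is the practitioner's caveat here: once the id no longer ties back to the session, the only remaining concern is that the value is client-supplied, so it is validated before being reused.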