Security: We need to generate a new session id when user logs in.

latos / wave-protocol

Automatically exported from code.google.com/p/wave-protocol

0 stars 0 forks source link

Security: We need to generate a new session id when user logs in. #132

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago

We are should generate a new session see code here:
 http://code.google.com/p/wave-protocol/source/browse/src/org/waveprotocol/box/server/rpc/AuthenticationServlet.java#127

This can be a security vulnerability.

Original issue reported on code.google.com by zdw...@google.com on 1 Nov 2010 at 12:58