smmclaughlin / CxFlowBodgeit

CX Session_Fixation @ root/logout.jsp [master] #20

Open smmclaughlin opened 2 years ago

smmclaughlin commented 2 years ago

Session_Fixation issue exists @ root/logout.jsp in branch master

Method session.setAttribute at line 3 of root\logout.jsp performs user authentication without terminating existing sessions. This may enable Session Fixation.

Severity: Medium

CWE:384

Checkmarx

Lines: 3 4 5


Code (Line #3):

session.setAttribute("username", null);

Code (Line #4):

session.setAttribute("usertype", null);

Code (Line #5):

session.setAttribute("userid", null);

smmclaughlin commented 2 years ago

Issue still exists.