comparison libervia/web/server/tasks/implicit/task_js_modules.py @ 1598:86c7a3a625d5

server: always start a new session on connection: The session was kept when a user was connecting from service profile (but not from other profiles), this was leading to session fixation vulnerability (an attacker on the same machine could get service profile session cookie, and use it when a victim would log-in). This patch fixes it by always starting a new session on connection. fix 443
author Goffi <goffi@goffi.org>
date Fri, 23 Feb 2024 13:35:24 +0100
parents 038d4bfdd967
children d07838fc9d99
comparison
equal deleted inserted replaced
1597:c1c1d68d063e 1598:86c7a3a625d5