Skip to main content

[JIRA] Assigned: (SERVLET_SPEC-13) Make session fixation protection part of the spec

  • From: "Shing Wai Chan (JIRA)" <jira-no-reply@...>
  • To: issues@...
  • Subject: [JIRA] Assigned: (SERVLET_SPEC-13) Make session fixation protection part of the spec
  • Date: Wed, 18 Jan 2012 01:03:25 +0000 (GMT+00:00)
  • Auto-submitted: auto-generated


     [ 
http://java.net/jira/browse/SERVLET_SPEC-13?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Shing Wai Chan reassigned SERVLET_SPEC-13:
------------------------------------------

    Assignee: Shing Wai Chan  (was: Rajiv Mordani)

> Make session fixation protection part of the spec
> -------------------------------------------------
>
>                 Key: SERVLET_SPEC-13
>                 URL: http://java.net/jira/browse/SERVLET_SPEC-13
>             Project: servlet-spec
>          Issue Type: Improvement
>            Reporter: markt_asf
>            Assignee: Shing Wai Chan
>
> One of the options for providing protection against session fixation is to 
> change the ID of a session on authentication. It would be good if something 
> along the lines of a changeId() method could be added to the session 
> interface to enable custom security solutions to do this easily. An 
> associated event for sessions listeners would also be required.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://java.net/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        


[JIRA] Assigned: (SERVLET_SPEC-13) Make session fixation protection part of the spec

Shing Wai Chan (JIRA) 01/18/2012
 
 
Close
loading
Please Confirm
Close