Uploaded image for project: 'Application Server 3 4 5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-9532

JBOSS Not avoiding Session Fixation

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Critical
    • None
    • JBossAS-4.2.0.GA
    • Security
    • None

    Description

      I am using JBOSS 4.2 GA. I am able to fix the session id on the application server. JBOSS is not validating the JSESSIONID value, whether it is generated by itself or not. Is this the expected behaviour of JBOSS??

      Attachments

        Activity

          People

            anil.saldhana Anil Saldanha (Inactive)
            altafshussain Altaf Hussain (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: