- Defect
- Resolution: Won't Do
- Critical
- 1.0.0-RC3
- None
I don't believe that our current security setup allows us to foil Session Fixation attacks.
http://en.wikipedia.org/wiki/Session_fixation
I believe Spring Security 3 does this "out of the box."
It does seem that Spring Security 2.0 (which I believe we're using at this time) does support behavior for guarding against session fixation attacks.
http://static.springsource.org/spring-security/site/docs/2.0.x/reference/ns-config.html#ns-session-fixation
- is related to
- GTWY-1723 Upgrade the gateway to Spring 3
- Done