- Type: Defect
- Resolution: Won't Do
- Priority: Critical
- Affects Version/s: 1.0.0-RC3
- Component/s: Security
- None
I don't believe that our current security setup allows us to foil Session Fixation attacks.
http://en.wikipedia.org/wiki/Session_fixation
I believe Spring Security 3 does this "out of the box."
It does seem as if Spring Security 2.0 (which I believe we're using at this time) does support behavior for guarding against session fixation attacks.
http://static.springsource.org/spring-security/site/docs/2.0.x/reference/ns-config.html#ns-session-fixation
- is related to
  - GTWY-1723 Upgrade the gateway to Spring 3
  - Done