Bug #23785 Clarification Requested

Session Management

Version: 4.3.6 Reporter: Symmetry Group

Impact The session has not been deleted completely, an attacker can view the screen portals screens after the logout activity has been performed.

Remediation Handle the session properly and remove the sessions and delete the cookies after the logout.

  • Er… you want to provide some steps to reproduce? Logout definitely kills the session in the database, preventing any request manipulation from session hijacking even if the network is compromised.

    Thanks!

    Derek Jones
    01st November, 2018 at 5:16am

You must be signed in to comment on a bug report.

.(JavaScript must be enabled to view this email address)

ExpressionEngine News!

#eecms, #events, #releases