Following is the issue when the security audit was run over the source code on Smart GWT3.0 version.
Session Fixation
Recommendations
Invalidate any existing session after the user has authenticated but before calling methods that establish the UserPrincipal. Also, invalidate the session object when a user logs out, otherwise the session will remain valid on the server
com/.../velocity/Velocity.java 367
Can we have resolution for this soon please?
Session Fixation
Recommendations
Invalidate any existing session after the user has authenticated but before calling methods that establish the UserPrincipal. Also, invalidate the session object when a user logs out, otherwise the session will remain valid on the server
com/.../velocity/Velocity.java 367
Can we have resolution for this soon please?
Comment