[
https://issues.apache.org/jira/browse/OFBIZ-6871?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jacques Le Roux updated OFBIZ-6871:
-----------------------------------
Description:
Since OFBIZ-6867 is now done, it will no longer be used OOTB and anyway should not be needed because we should preferably always use sessionIds in cookies and newer have sessionsIds in URLs.
There is [old explanation here|
http://seclists.org/webappsec/2002/q4/111] and here is a [more recent explanation|
https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Built-in_Session_Management_Implementations]
was:
Since OFBIZ-6867is now done, it will no longer be used OOTB and anyway should not be needed because we should preferably always use sessionIds in cookies and newer have sessionsIds in URLs.
There is [old explanation here|
http://seclists.org/webappsec/2002/q4/111] and here is a [more recent explanation|
https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Built-in_Session_Management_Implementations]
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
Locked
