Session Fixation with Axon.ivy

Hi everyone, as far as I can find, every time user logs in with IVY Portal, the session is kept (not renewed). You can check this via JSESSIONID. Thus, it leads to session fixation attack.
May Axon.ivy provide a mechanism to prevent this kind of attack? I am using Axon.ivy 6.3.0.
Thank you.

jsf session ivy

asked 03.01.2018 at 04:25

Bao Tran
(suspended)
accept rate: 0%

edited 03.01.2018 at 04:26

2 Answers:

active answers oldest newest most voted

2	This issue has been fixed in ivy 7.1 and 7.0.4. link answered 09.05.2018 at 01:34 Alex Suter ♦♦ 3.1k●12●22●47 accept rate: 84%

This is a known issue. See https://jira.axonivy.com/jira/browse/XIVY-349 Unfortunately, we cannot fix this issue without breaking RIA applications. However, we plan to drop RIA support in Axon.ivy 8. After that we can fix this issue.

Regards Reto Weiss, Axon.ivy Support

link

answered 04.01.2018 at 04:20

Reto Weiss ♦♦
4.9k●20●28●57
accept rate: 74%

Thank you for your answer. This means that there is nothing we can do now?

(04.01.2018 at 04:37) Bao Tran

Hello @Bao Tran, Just want to update that this issue has been fixed in Ivy 7.0.4 & 7.1 as the US stated. https://developer.axonivy.com/doc/7.1.0/new-and-noteworthy

(08.05.2018 at 23:54) ToanLC

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "Title")
image?![alt text](/path/img.jpg "Title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Tags:

ivy ×147
jsf ×79
session ×14

Asked: 03.01.2018 at 04:25

Seen: 2,360 times

Last updated: 09.05.2018 at 01:34

Session Fixation with Axon.ivy

Follow this question

Related questions