Alexander Wels has posted comments on this change.

Change subject: userportal, webadmin: prevent session fixation
......................................................................

Patch Set 1:

(1 comment)

http://gerrit.ovirt.org/#/c/25959/1/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/server/gwt/GenericApiGWTServiceImpl.java
File frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/server/gwt/GenericApiGWTServiceImpl.java:

Line 175: getSession().invalidate();
Line 176: // Calling getSession again after invalidating it should create a new session.
Line 177: HttpSession newSession = getSession();
Line 178: assert !newSession.equals(originalSession) : "new session the same as old session"; //$NON-NLS-1$
Line 179:
Note this doesn't copy any values from the old session, which is something we may or may not want to do.

Line 180: params.setSessionId(getSession().getId());
Line 181: params.setActionType(loginType);
Line 182: VdcReturnValueBase returnValue = getBackend().login(params);
Line 183: return returnValue;

--
To view, visit http://gerrit.ovirt.org/25959

Gerrit-MessageType: comment
Gerrit-Change-Id: I3df427683c924f10cb59f4af1dd067fcfd21a8f2
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Alexander Wels <[email protected]>
Gerrit-Reviewer: Alexander Wels <[email protected]>
Gerrit-Reviewer: Einav Cohen <[email protected]>
Gerrit-Reviewer: Vojtech Szocs <[email protected]>
Gerrit-Reviewer: [email protected]
Gerrit-HasComments: Yes
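
Review bot: the check at line 178 is a Java assert, which the JVM evaluates only when assertions are enabled (-ea), so in a default deployment nothing verifies that the session actually changed after invalidate() on line 175. An explicit comparison of the old and new session IDs that fails the login (or at least logs) when they match would keep the fixation guard active at runtime; capturing the old ID before line 175 avoids relying on the invalidated session object for the comparison. Line 180 could also use newSession.getId() rather than calling getSession() a third time, so the ID passed to params.setSessionId is visibly the one that was just checked.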
