You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Cherrypy accepts user-supplied session identifiers. This makes session fixation attacks easier. In case session cookie contains sid that does not reference existing session the client-supplied id should be discarded and a new SID should be generated and sent to client.
Originally reported by: Anonymous
Cherrypy accepts user-supplied session identifiers. This makes session fixation attacks easier. In case session cookie contains sid that does not reference existing session the client-supplied id should be discarded and a new SID should be generated and sent to client.
Reported by pstradomski@gmail.com
The text was updated successfully, but these errors were encountered: