
fix issue781:cwe-613 #803


Merged
merged 1 commit into from
Mar 15, 2023


menghaining
Contributor

Destroy session after deleting user #781

Description

When deleting a user, we also remove the userSession stored in AgentSessionProxy. To do this, we add a deleteUserSession function in AgentSessionProxy.class.

Moreover, when a request comes in, we add a function to check whether this session is still valid in UserInterceptorHandler.

Issue resolved

#781 CWE-613: Insufficient Session Expiration. All sessions of a deleted user should become invalid immediately.

Screenshots

  1. User1 logs in.

  2. Admin deletes User1.

  3. User1 cannot operate anymore.

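Type of change

  • Bug fix
  • New feature (does not affect other functionality)
  • Affects other functionality

Checklist:

  • My change is consistent with the code style guidelines
  • My change requires a documentation update
  • I have updated the corresponding documentation
  • The code I added has unit tests
  • All unit tests pass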

Signed-off-by: menghaining <menghaining@ict.ac.cn>
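
The pattern described above (revoke every stored session when the user is deleted, and check on each request that the session is still in the store) is sketched below as an added example. It is not the code of this pull request or of cskefu; the class, method names and token values are hypothetical, and an in-memory map is assumed as the session store.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical in-memory session store; names are illustrative, not cskefu's classes.
public class SessionRevocationDemo {
    // token -> userId, plus the reverse index userId -> tokens, so that every
    // session a user holds (several browsers or devices) can be revoked at once.
    private final Map<String, String> userByToken = new ConcurrentHashMap<>();
    private final Map<String, Set<String>> tokensByUser = new ConcurrentHashMap<>();

    public void login(String userId, String token) {
        userByToken.put(token, userId);
        tokensByUser.computeIfAbsent(userId, k -> ConcurrentHashMap.newKeySet()).add(token);
    }

    // Called from the user-deletion path: drop every session of that user.
    public int deleteUserSessions(String userId) {
        Set<String> tokens = tokensByUser.remove(userId);
        if (tokens == null) return 0;           // user had no live session
        int removed = 0;
        for (String t : tokens) {
            // Remove only if the token still maps to this user.
            if (userByToken.remove(t, userId)) removed++;
        }
        return removed;
    }

    // Per-request check (the role a request interceptor plays): a token is valid
    // only while it is still present in the store. Null or unknown tokens fail closed.
    public boolean isSessionValid(String token) {
        return token != null && userByToken.containsKey(token);
    }

    public static void main(String[] args) {
        SessionRevocationDemo store = new SessionRevocationDemo();
        store.login("user1", "tok-laptop");     // constructed sample values
        store.login("user1", "tok-phone");
        store.login("admin", "tok-admin");

        System.out.println("before: " + store.isSessionValid("tok-laptop"));
        int revoked = store.deleteUserSessions("user1");   // admin deletes user1
        System.out.println("revoked sessions: " + revoked);
        System.out.println("laptop after: " + store.isSessionValid("tok-laptop"));
        System.out.println("phone after:  " + store.isSessionValid("tok-phone"));
        System.out.println("admin after:  " + store.isSessionValid("tok-admin"));
    }
}
```

Revocation should run after the account record itself is removed, so that a login racing with the deletion cannot create a fresh session for the deleted user.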
@hailiang-wang hailiang-wang self-requested a review March 15, 2023 09:10
@hailiang-wang hailiang-wang merged commit 6588e16 into cskefu:master Mar 15, 2023
@hailiang-wang
Member

The code is merged and built into the cskefu Docker image:

cskefu/contact-center:6588e166
