Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Page 19 – Should V37 and V38 prevent the same issue? #20

Closed
defern opened this issue Nov 20, 2014 · 1 comment
Closed

Page 19 – Should V37 and V38 prevent the same issue? #20

defern opened this issue Nov 20, 2014 · 1 comment
Assignees
@vanderaj
Milestone
3.0

Comments

@defern
Copy link
Collaborator

defern commented Nov 20, 2014

Page 19 – Should V37 and V38 prevent the same issue?

V37 Verify that the session id is changed on login to prevent session fixation.
V38 Verify that the session id is changed upon re-authentication.

Should we add “to prevent session fixation.” To v38?
@vanderaj vanderaj added the bug label Nov 21, 2014
@vanderaj vanderaj modified the milestone: 2.1 Nov 21, 2014
@vanderaj vanderaj self-assigned this Mar 3, 2015
@vanderaj
Copy link
Member

Good pickup. We changed 3.7 to be

Verify that all successful authentication and re-authentication generates a new session and session id.

3.8 has been removed.

@vanderaj vanderaj modified the milestones: 2.1, 3.0 Jul 10, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vanderaj vanderaj

Labels
None yet
Projects
None yet
Milestone
3.0
Development

No branches or pull requests
2 participants
@defern @vanderaj