  1. OpenMRS Core
  2. TRUNK-3932

JSessionIDs Exposed in URLs

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Non-Essential
    • Resolution: Fixed
    • Affects Version/s: OpenMRS 1.9.0
    • Fix Version/s: None
    • Component/s: UI Framework
    • Complexity: Low

      Description

      Occasionally, JSessionIDs will show up in the OpenMRS webapp's URL upon first login to OpenMRS. This is an obvious security hole, which appears to be difficult to reproduce. Thanks to Timothy D. Morgan from FLOSSHacks for this report!

                People

                Assignee:
                harsha89 Harsha Kumara
                Reporter:
                paul Paul Biondich
                Votes: 0
                Watchers: 5

                    Time Tracking

                    Estimated: 4h
                    Remaining: 1h 30m
                    Logged: 2h 30m