  1. OpenMRS Core
  2. TRUNK-3932

JSessionIDs Exposed in URLs

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Non-Essential
    • Resolution: Fixed
    • Affects Version/s: OpenMRS 1.9.0
    • Fix Version/s: None
    • Component/s: UI Framework
    • Complexity: Low

      Description

      Occasionally, JSessionIDs will show up in the OpenMRS webapp's URL upon first login to OpenMRS. This is an obvious security hole, which appears to be difficult to reproduce. Thanks to Timothy D. Morgan from FLOSSHacks for this report!

              People

              Assignee:
              harsha89 Harsha Kumara [X] (Inactive)
              Reporter:
              paul Paul Biondich [X] (Inactive)
              Votes:
              0
              Watchers:
              5

                  Time Tracking

                  Estimated:
                  4h
                  Remaining:
                  1h 30m
                  Logged:
                  2h 30m