Details
-
Suggestion
-
Resolution: Fixed
Description
It's still possible to see error messages such as:
2014-11-01 10:08:57,402 WARN [http-nio-9080-exec-1] *17G4IGOx608x756775x2 1ijresm 121.44.5.154,172.24.36.105,172.24.12.146,172.24.12.181 "GET /rest/api/1.0/projects/BUILDENG/repos/buildeng-puppet/pull-requests HTTP/1.1" o.s.s.w.a.s.ChangeSessionIdAuthenticationStrategy Your servlet container did not change the session ID when a new session was created. You will not be adequately protected against session-fixation attacks