Uploaded image for project: 'Bitbucket Data Center'
  1. Bitbucket Data Center
  2. BSERV-5458

o.s.s.w.a.s.ChangeSessionIdAuthenticationStrategy Your servlet container did not change the session ID when a new session was created. You will not be adequately protected against session-fixation attacks

    XMLWordPrintable

Details

    • We collect Bitbucket feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      It's still possible to see error messages such as:

      2014-11-01 10:08:57,402 WARN  [http-nio-9080-exec-1] *17G4IGOx608x756775x2 1ijresm 121.44.5.154,172.24.36.105,172.24.12.146,172.24.12.181 "GET /rest/api/1.0/projects/BUILDENG/repos/buildeng-puppet/pull-requests HTTP/1.1" o.s.s.w.a.s.ChangeSessionIdAuthenticationStrategy Your servlet container did not change the session ID when a new session was created. You will not be adequately protected against session-fixation attacks

      Attachments

        Activity

          People

            cszmajda Cristan Szmajda (Inactive)
            cszmajda Cristan Szmajda (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: