Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-216

Crowd session token should be unique for each user, directory, machine

    XMLWordPrintable

Details

    • Suggestion
    • Resolution: Fixed
    • 1.0.3
    • None
    • None

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

    Description

      The validation factors currently generate tokens based on machine specific attributes, such as remote host, user-agent, etc.

      If a user on a machine had multiple identities, then the token generated would be the same (as the machine attributes are the same).

      It would be nice if this token was unique based on the current validation factors as well as the username of the principal and the directory which the principal belongs to (uniquely identifying the principal).

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. CWD-1040 Crowd session tokens need to be random and unique to avoid Session Hijacking!!!

          • Highest - Our top priority issues
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. CWD-163 Administration Console allows login of unauthorized users

          • High - High priority issues
          • Closed

          Activity

            People

              shamid@atlassian.com shihab
              shamid@atlassian.com shihab
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: