[CWD-216] Crowd session token should be unique for each user, directory, machine

Type: Suggestion
Resolution: Fixed
Fix Version/s: 1.0.3
Component/s: None
Labels:
None

Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

The validation factors currently generate tokens based on machine specific attributes, such as remote host, user-agent, etc.

If a user on a machine had multiple identities, then the token generated would be the same (as the machine attributes are the same).

It would be nice if this token was unique based on the current validation factors as well as the username of the principal and the directory which the principal belongs to (uniquely identifying the principal).

is related to

CWD-1040 Crowd session tokens need to be random and unique to avoid Session Hijacking!!!

Closed

relates to

CWD-163 Administration Console allows login of unauthorized users

Closed

No work has yet been logged on this issue.

Assignee:: shihab

Reporter:: shihab

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Created:: 21/Mar/2007 1:00 AM

Updated:: 19/Sep/2019 5:51 AM

Resolved:: 22/Mar/2007 2:05 AM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates