  1. Crowd Data Center
  2. CWD-4899

Configure cookies to validate against user's IP rather than subdomain


Details

    • Suggestion
    • Resolution: Not a bug
    • None
    • SSO

    Description

      Problem Definition

      Currently, Crowd uses an SSO domain such as *.domain.com to validate cookies against different applications. This can expose the "Overly broad session cookie domain" vulnerability.

      Suggested Solution

      As recommended in that article, the application could use the user's IP address.

      Workaround

      Disable SSO
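
      The scoping issue and the suggested IP check from the description above, as an added example that is not Crowd's code and not part of the ticket. The host names, client addresses and the `IpBoundSessions` class are hypothetical; the matching rule follows RFC 6265 section 5.1.3.

```python
import ipaddress
import secrets

def domain_match(host: str, cookie_domain: str) -> bool:
    """RFC 6265 5.1.3: host equals the domain or is a subdomain of it."""
    host, cookie_domain = host.lower(), cookie_domain.lower().lstrip(".")
    if host == cookie_domain:
        return True
    try:
        ipaddress.ip_address(host)  # IP literals never suffix-match
        return False
    except ValueError:
        return host.endswith("." + cookie_domain)

def hosts_receiving(origin_host, domain_attr, hosts):
    """Hosts a browser sends the cookie to; no Domain attribute means host-only."""
    if domain_attr is None:
        return [h for h in hosts if h.lower() == origin_host.lower()]
    return [h for h in hosts if domain_match(h, domain_attr)]

class IpBoundSessions:
    """Hypothetical server-side token store that records the client IP at login."""

    def __init__(self):
        self._sessions = {}

    def issue(self, user: str, client_ip: str) -> str:
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, ipaddress.ip_address(client_ip))
        return token

    def validate(self, token: str, client_ip: str):
        """Return the user if the token is known and the IP matches, else None."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, bound_ip = entry
        return user if ipaddress.ip_address(client_ip) == bound_ip else None

# Constructed host names for illustration (not taken from the ticket).
HOSTS = ["crowd.domain.com", "jira.domain.com",
         "legacy.domain.com", "domain.com.example.net"]

if __name__ == "__main__":
    print("Domain=.domain.com:", hosts_receiving("crowd.domain.com", ".domain.com", HOSTS))
    print("host-only cookie  :", hosts_receiving("crowd.domain.com", None, HOSTS))
```

      The IP check rejects a token presented from a different address, but it does not narrow which hosts receive the cookie: every subdomain under the SSO domain still gets it.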

          People

            Unassigned
            dponzio Daniel Ponzio
            Votes: 0
            Watchers: 2
