• Type: Suggestion
    • Resolution: Unresolved
    • Cross Product DoS

      Web applications that do not ensure that all session tokens (e.g. cookies) are properly destroyed or made unusable are prone to session replay, where an attacker steals the session identifier by sniffing and replays these session tokens to "resurrect" the session of a legitimate user and virtually impersonate him/her.

      It is recommended that the application must:
      • Implement session timeout after about 15 minutes, based on business and usability requirements and a measured period of inactivity.
      OR
      • It is recommended that the logout function effectively destroys all session tokens or renders them unusable.
      OR
      • The application server performs proper checks on the session state, disallowing an attacker from replaying some previous token.
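      The three recommendations above, as an added illustration that is not code from this issue or from Jira: a server-side session registry where an idle token expires after the suggested 15 minutes, logout destroys the token, and every request is checked against the registry so a captured token cannot be replayed afterwards. Names (SessionStore, ManualClock) are assumptions for the example.

```python
import secrets
import time

IDLE_TIMEOUT_SECONDS = 15 * 60  # the ~15-minute inactivity window the issue suggests


class ManualClock:
    """Adjustable clock so the timeout behaviour can be exercised without sleeping."""

    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t


class SessionStore:
    """Server-side session registry (illustrative design, not Jira's implementation).
    A token is valid only while it is present here and not idle-expired."""

    def __init__(self, clock=time.monotonic, idle_timeout=IDLE_TIMEOUT_SECONDS):
        self._clock = clock
        self._idle_timeout = idle_timeout
        self._sessions = {}  # token -> {"user": str, "last_seen": float}

    def create(self, user):
        token = secrets.token_urlsafe(32)  # unpredictable identifier
        self._sessions[token] = {"user": user, "last_seen": self._clock()}
        return token

    def validate(self, token):
        """Return the user for a live token, or None. An idle-expired token is
        purged on sight, so a sniffed copy cannot resurrect the session later."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        now = self._clock()
        if now - entry["last_seen"] > self._idle_timeout:
            del self._sessions[token]
            return None
        entry["last_seen"] = now  # activity extends the idle window
        return entry["user"]

    def logout(self, token):
        """Destroy the token server-side; a client still holding the cookie gets nothing."""
        self._sessions.pop(token, None)
```

      Because validity is decided by the server-side registry rather than by the cookie itself, clearing the cookie in the browser is not what ends the session; removing the entry is.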

              Assignee: Unassigned
              Reporter: Nikitha Mannam
              Votes: 1
              Watchers: 3
