Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-10329

When removing authentication cookies, the actual password shouldn't be sent again as the cookie value

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Trivial
    • Resolution: Fixed
    • Affects Version/s: 6.0-rc-1
    • Fix Version/s: 6.1-milestone-1
    • Component/s: Old Core
    • Labels:
      None
    • Difficulty:
      Trivial
    • Documentation:
      N/A
    • Documentation in Release Notes:
      N/A
    • Similar issues:

      Description

      Since all we're interested in is sending an expiration date in the past, the actual value is meaningless. For better security, better not send the password again as the cookie value.

        Attachments

          Activity

            People

            • Assignee:
              sdumitriu Sergiu Dumitriu
              Reporter:
              sdumitriu Sergiu Dumitriu
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: