Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Major
Fix Version/s: None
Affects Version/s: 8.0 Update 2
Component/s: Undertow
Labels:
- needs-backport

Blocked:
False
Blocked Reason:
None
Ready:
False
CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

8.0.z.GA
Workaround:

Workaround Exists
Workaround Description:

Hide

Use POST in a FORM login page, not GET

Show
Use POST in a FORM login page, not GET
Git Pull Request:
https://github.com/undertow-io/undertow/pull/1607
Intelligence Requested:
Market:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

If a FORM login page happens to use GET instead of the typical POST to send the login credentials to a custom location, then the short session timeout from ~~UNDERTOW-2378~~ / ~~UNDERTOW-2264~~ is still seen after login.

clones

UNDERTOW-2409 Adjust properly session timeout also in case when GET requests with custom auth mechanisms are used

Resolved

is caused by

UNDERTOW-2264 CVE-2023-1973 SessionImpl objects + location strings are created and not cleaned up on authentication failures

Closed

is incorporated by

JBEAP-26990 [GSS](7.4.z) UNDERTOW-2409 / UNDERTOW-2378 - Adjust properly session timeout also in case when custom auth mechanisms are used

Ready for QA

Assignee:: Richard Opalka

Reporter:: Aaron Ogburn

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2024/06/18 8:10 PM

Updated:: 2024/07/02 3:27 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates