Hi,

We had a security assessment for an application built by my team. The security vulnerability has got to do with getting access to another user’s session:


They used standard checks to see if accessing other sessions was possible.

By replacing the highlighted session ID they were able to access sessions belonging to other currently logged-in users.

Is there any way around this?

Thanks in advance.

Hi Ricardo,

I think this is what you are looking for.

Regards,

Marcelo

Hi Marcelo,

Thanks for the suggestion. I'll let the factory manager know and see if this comes up again during the next security assessment.