Dear all,
My application has been penetration tested using owasp-zap-proxy-login, and there is 1 finding:
Method: GET
Evidence: jsessionid=D766C74F5887F7B16EDA11E165C5661B
URL: http://..*.123/abc/zkau/web/eb3e6a52 /js/zk.wpd;jsessionid=D766C74F5887F7B16EDA11E165C5661B
Solution: For secure content, put session ID in a cookie. To be even more secure consider using a combination of cookie and URL rewrite.
What should I do to cover this finding?
Best Regards, Tata. K
The way session IDs are handled is configured at container level; ZK doesn't have a related configuration.
Please check your server's documentation, and apply the relevant/desired settings:
e.g. this post mentions how to disable URL rewriting (just use cookies, avoid adding the session ID in the URL) in Tomcat: https://stackoverflow.com/a/962757/4740707
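For a Servlet 3.0+ container (Tomcat 7 or later), the container-level setting the answer points to is the session tracking mode in WEB-INF/web.xml. The fragment below is an added example, not configuration from the original post or from ZK; the web-app version, the cookie attributes and the timeout are assumptions about the deployment. Restricting tracking to COOKIE makes `response.encodeURL()` a no-op, so the `;jsessionid=...` suffix that ZAP flagged on the zkau resource URL is no longer appended.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: WEB-INF/web.xml fragment for a Servlet 3.1 container such as Tomcat 8.
     The version and every value below are assumptions about the deployment,
     not the original poster's configuration. -->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                             http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">

  <session-config>
    <!-- COOKIE only. The container default is COOKIE plus URL, which is why
         encodeURL() rewrites links with ;jsessionid=... when it cannot yet
         tell whether the client accepts cookies. -->
    <tracking-mode>COOKIE</tracking-mode>

    <cookie-config>
      <!-- Keep the session ID out of reach of page scripts (XSS). -->
      <http-only>true</http-only>
      <!-- Send the cookie over HTTPS only. The flagged URL is plain http://,
           so enable this only once the application is served over TLS;
           otherwise browsers will not return the cookie and logins will break. -->
      <secure>true</secure>
    </cookie-config>

    <!-- Optional: idle timeout in minutes (assumed value). -->
    <session-timeout>30</session-timeout>
  </session-config>

</web-app>
```

The same switch can be made programmatically from a `ServletContextListener` by calling `ServletContext.setSessionTrackingModes(EnumSet.of(SessionTrackingMode.COOKIE))` in `contextInitialized()`. After redeploying, re-run the ZAP scan or check by hand: the first response should carry `Set-Cookie: JSESSIONID=...; HttpOnly`, and neither the page HTML nor the `zkau` resource requests should contain `;jsessionid=`. The point of the finding is that a session ID in the URL leaks through Referer headers, proxy and server access logs, browser history and shared links, none of which apply to a cookie. Two caveats: clients that block cookies cannot hold a session at all once URL tracking is off, and containers older than Servlet 3.0 (Tomcat 6) do not understand `<tracking-mode>`, which is the case the linked Stack Overflow answer addresses with a container-specific setting.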
Asked: 2019-10-18 12:31:05 +0800
Last updated: Oct 21 '19