[AMBARI-24590] Ambari is keeping the Session cookie even after logout - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
- ambari-server
- security-issue

Description

Ambari is keeping the session cookie in the response even after logout from ambari.

Ambari is vulnerable to session replay attack due to this vulnerability .

we should remove the 'AMBARISESSIONID' once the user is logged out.

Please refer to attached screenshot.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

AMBARI_SESSION_ID.png
04/Sep/18 10:22
81 kB
Akhil Naik

Activity

People

Assignee:: Unassigned

Reporter:: Akhil Naik

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 04/Sep/18 10:18

Updated:: 04/Sep/18 10:24