eclipse-ee4j/mojarra

The jfwid contains the session ID

Closed · 1 comment

The client window ID generated in ClientWindowImpl contains the session ID, which is not needed for this functionality, and exposure of the session ID can be used to compromise security. This method should be modified, then, so as not to use the session. PR incoming.

+1 indeed for not leaking the session ID anyway, and even more so when it's not needed.
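The problem described in the issue, as an added example that is not part of the thread and is not Mojarra's code: a window ID that embeds the session ID next to a session-independent one. The `sessionId:counter` shape of the leaky form is an assumption made for illustration, and all class, method and attribute names are hypothetical.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;

// Added illustration; every name here is hypothetical and none of it is Mojarra code.
public class WindowIdDemo {
    private static final String COUNTER_KEY = "demo.windowCounter";
    private static final SecureRandom RNG = new SecureRandom();

    // Per-session counter kept server-side, so IDs stay unique within a session.
    private static int nextCounter(Map<String, Object> sessionAttrs) {
        AtomicInteger c = (AtomicInteger) sessionAttrs
                .computeIfAbsent(COUNTER_KEY, k -> new AtomicInteger());
        return c.incrementAndGet();
    }

    // Assumed "before" shape: the ID embeds the session ID, so anything that
    // records the window ID (URLs, Referer headers, logs) records the session ID too.
    static String leakyWindowId(String sessionId, Map<String, Object> sessionAttrs) {
        return sessionId + ":" + nextCounter(sessionAttrs);
    }

    // Session-independent form: 128 random bits plus the counter. Nothing in the
    // value is derived from the session ID, so exposing it exposes no credential.
    static String opaqueWindowId(Map<String, Object> sessionAttrs) {
        byte[] token = new byte[16];
        RNG.nextBytes(token);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(token)
                + ":" + nextCounter(sessionAttrs);
    }

    public static void main(String[] args) {
        String sessionId = "CONSTRUCTED-SESSION-ID-0123"; // constructed sample value
        Map<String, Object> attrs = new ConcurrentHashMap<>(); // stands in for session attributes

        String leaky = leakyWindowId(sessionId, attrs);
        String opaque = opaqueWindowId(attrs);

        // The window ID is carried as the jfwid request parameter, so it can end up
        // in places a session cookie never reaches.
        System.out.println("/page.xhtml?jfwid=" + leaky);
        System.out.println("/page.xhtml?jfwid=" + opaque);
        System.out.println("leaky contains session ID:  " + leaky.contains(sessionId));
        System.out.println("opaque contains session ID: " + opaque.contains(sessionId));
    }
}
```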