Do not allow session ID reuse and clean up sessions for introducee (!179) · Merge requests · briar / briar

Torsten Grote requested to merge 371-no-introduction-session-reuse into master May 04, 2016

It was possible that a malicious introducer sends new request with the same session ID that was used previously and thus causing introducees to have multiple states for the same session ID. This commits prevents that from happening and adds an integration test for that scenario.

Also if an introducee removes an introducer, all past session states will be deleted from the database. For this, a test was added as well.

Closes #371 (closed) Closes #372 (closed)

Do not allow session ID reuse and clean up sessions for introducee

Merge request reports