Skip to content
Snippets Groups Projects
Commit 7a87d417 authored by akwizgran's avatar akwizgran
Browse files

Merge branch '371-no-introduction-session-reuse' into 'master'

Do not allow session ID reuse and clean up sessions for introducee

It was possible that a malicious introducer sends new request with the
same session ID that was used previously and thus causing introducees to
have multiple states for the same session ID.
This commits prevents that from happening and adds an integration test
for that scenario.

Also if an introducee removes an introducer, all past session states
will be deleted from the database. For this, a test was added as well.

Closes #371
Closes #372

See merge request !179
parents 5a84e0fe 685e1422
No related branches found
No related tags found
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment