[JENKINS-28905] CSRF token is not regenerated through sessions

Type: Bug
Resolution: Unresolved
Priority: Major
Component/s: core
Labels:
- security

Similar Issues:
Powered by SuggestiMate

Show

When you enable CSRF protection there is a ".crumb" header generated for login form and ajax requests. The problem is that this token is regenerated through sessions so basically it's useless.

There are no comments yet on this issue.

Assignee:: Unassigned

Reporter:: Dimitar Kostov

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2015-06-15 11:55

Updated:: 2017-04-15 22:54

Jenkins

Details

Description

Attachments

Activity

People

Dates