idp.session.consistentAddress setting is broken

Fixed

Description fields

Basics

Logistics

Basics

Logistics

Description

The idp.session.consistentAddress property was botched. The conditional logic in the SessionManager doesn't bypass the address binding step, causing a CVE. In addition, the setting isn't used in other actions to bypass the address check, which would cause the address to be bound to the session there anyway.

Environment

None

Activity

Scott Cantor

March 17, 2015 at 10:15 PM

r7426

Scott Cantor

March 17, 2015 at 10:13 PM

Resize work item view side panel

Details

Assignee

Scott Cantor

Reporter

Scott Cantor

Original estimate

Created March 17, 2015 at 10:08 PM

Updated March 26, 2015 at 2:43 PM

Resolved March 17, 2015 at 10:15 PM

idp.session.consistentAddress setting is broken

Description

Environment

Scott Cantor

Scott Cantor

Details

Assignee

Reporter

Original estimate

Components

Fix versions

Affects versions

Flag notifications

Something's gone wrong