[
https://issues.apache.org/jira/browse/WW-3858?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13427905#comment-13427905
]
Hudson commented on WW-3858:
----------------------------
Integrated in Struts2 #515 (See [https://builds.apache.org/job/Struts2/515/])
WW-3858
Decouple token names from their respective session attribute names (Revision
1368827)
Result = SUCCESS
rgielen :
Files :
* /struts/struts2/trunk
*
/struts/struts2/trunk/core/src/main/java/org/apache/struts2/interceptor/ExecuteAndWaitInterceptor.java
*
/struts/struts2/trunk/core/src/main/java/org/apache/struts2/interceptor/TokenSessionStoreInterceptor.java
*
/struts/struts2/trunk/core/src/main/java/org/apache/struts2/util/TokenHelper.java
*
/struts/struts2/trunk/core/src/test/java/org/apache/struts2/util/TokenHelperTest.java
*
/struts/struts2/trunk/core/src/test/java/org/apache/struts2/views/jsp/ui/TokenTagTest.java
> Decouple token names from their respective session attribute names
> ------------------------------------------------------------------
>
> Key: WW-3858
> URL: https://issues.apache.org/jira/browse/WW-3858
> Project: Struts 2
> Issue Type: Improvement
> Components: Core Interceptors
> Affects Versions: 2.3.4
> Reporter: Rene Gielen
> Assignee: Rene Gielen
> Fix For: 2.3.5
>
>
> Currently token names are used as is to store session attributes for later
> token check. By namespacing session attributes security can be improved.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
