Liferay (server) switch a session ID, is it possible?

掲示板

10年前に Petr Vašek によって更新されました。

Liferay (server) switch a session ID, is it possible?

Junior Member 投稿: 68 参加年月日: 12/06/26 最新の投稿

Hi all, i have very interesting security problem. I have specific portlet, which processing "something". And i have two users, which are logged to the portal. And they CLICK on one function of this portlet in SAME TIME .(same time on second resolution). And USER1 gets his screen info, BUT USER2 gets USERS1ˇS screen info !!! I check my portlet code 1000000x but i dont find error. This error i failed repeat again !!!. Is it possible, that liferay or tomcat switch a session in one request?

Thank you and so sorry for ma bad english

Petr

10年前に Mika Koivisto によって更新されました。

RE: Liferay (server) switch a session ID, is it possible?

Liferay Legend 投稿: 1519 参加年月日: 06/08/07 最新の投稿

It is possible if you leak the jsessionid but the problem is still probably in your portlet.