You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@unomi.apache.org by "Serge Huber (JIRA)" <ji...@apache.org> on 2018/04/25 18:42:00 UTC

[jira] [Created] (UNOMI-178) Make it possible to pass sessionId as a body parameter instead of just a URL parameter

Serge Huber created UNOMI-178:
---------------------------------

             Summary: Make it possible to pass sessionId as a body parameter instead of just a URL parameter
                 Key: UNOMI-178
                 URL: https://issues.apache.org/jira/browse/UNOMI-178
             Project: Apache Unomi
          Issue Type: Improvement
          Components: core
    Affects Versions: 1.3.0-incubating
            Reporter: Serge Huber
             Fix For: 1.3.0-incubating


Currently the event servlet and the context servlet require a sessionId be passed in the URL, which might be problematic if the URL is then stored in logs files, as session hijacking could be possible.

One way to solve this would be to allow the sessionId to be passed as a HTTP POST BODY parameter (in ContextRequest and EventsCollectorRequest).



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)