Description
Couldn't find settings for cb-session-id rotation on login. I have the same session cookie before and after successful authentication. I suppose this can cause a session fixation attack.
Steps to reproduce
- open CloudBeaver without authentication in one browser and take its session id
- open CloudBeaver in incognito mode, paste the session id and log in
- refresh the page opened in the first step - you'll be logged in as the user from the second step
Expected/Desired Behavior
Provide new cb-session-id after successful login
CloudBeaver Version
CloudBeaver Community 26.0.1
Additional context
No response
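
The difference between the reported and the requested behaviour, as an added example that is not part of the original report and is not CloudBeaver code. `SessionStore`, its method names and the user `alice` are hypothetical; the model only assumes a server-side table keyed by the session id carried in the cookie.

```python
import secrets


class SessionStore:
    """In-memory model of a server-side session table (hypothetical)."""

    def __init__(self):
        self._sessions = {}  # session id -> user name, or None while anonymous

    def open_anonymous(self):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = None
        return sid

    def user_for(self, sid):
        return self._sessions.get(sid)

    def login_keep_id(self, sid, user):
        """Reported behaviour: the pre-login id is promoted in place."""
        if sid not in self._sessions:
            raise KeyError("unknown session")
        self._sessions[sid] = user
        return sid

    def login_rotate_id(self, sid, user):
        """Requested behaviour: retire the pre-login id, bind the user to a new one."""
        if sid not in self._sessions:
            raise KeyError("unknown session")
        del self._sessions[sid]  # the old id must stop resolving
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = user
        return new_sid


def old_id_is_authenticated(store, login):
    """Replay the report's three steps; True means the pre-login id ends up logged in."""
    pre_login_sid = store.open_anonymous()  # step 1: id issued before login
    login(pre_login_sid, "alice")           # step 2: login sent with that same id
    return store.user_for(pre_login_sid) is not None  # step 3: reuse the old id


def check():
    store = SessionStore()
    return {
        "keep_id": old_id_is_authenticated(store, store.login_keep_id),
        "rotate_id": old_id_is_authenticated(store, store.login_rotate_id),
    }


if __name__ == "__main__":
    print(check())
```

The same three-step replay works as a regression test against a real deployment: capture the cookie value before login, authenticate, and assert that the pre-login value no longer resolves to an authenticated session.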