I am working on the open-source application "Project-Open". During a scan, I came across the following vulnerability:
[Medium] Session Identifier Not Updated
Issue: 13800882
Severity: Medium
URL: https://<server_name>/register/
Risk(s): It is possible to steal or manipulate customer session and cookies, which might be used to impersonate a legitimate user,allowing the hacker to view or alter user records, and to perform transactions as that user
Fix: Do not accept externally created session identifiers
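Although a fix is mentioned, I cannot fully understand it. Please guide me on how to remove it. If any further details are needed to understand this problem, please let me know. P.S.: The code is in Tcl.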
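
The scanner's advice ("Do not accept externally created session identifiers") comes down to issuing a fresh, server-generated id at login and discarding whatever id the browser presented. The Tcl sketch below is an added example, not part of the original post and not Project-Open's own code; it shows the pattern the finding describes next to the hardened form, using an in-memory session table. All proc names and sample values are hypothetical, and it assumes Tcl 8.6 on a system with `/dev/urandom`.

```tcl
# Added example; proc names are hypothetical, sample values are constructed.
# Assumes Tcl 8.6 and a Unix-like /dev/urandom.
array set sessions {}   ;# server-side table: session id -> dict of session data

# Generate a 128-bit random id from the OS random source.
proc new_session_id {} {
    set f [open /dev/urandom rb]
    set raw [read $f 16]
    close $f
    return [binary encode hex $raw]
}

# Pattern behind the finding: the id sent by the browser survives login.
proc login_vulnerable {cookie_sid user} {
    global sessions
    if {$cookie_sid eq ""} { set cookie_sid [new_session_id] }
    set sessions($cookie_sid) [dict create user $user]
    return $cookie_sid
}

# Hardened: the incoming id is never reused. Any record stored under it is
# destroyed and the authenticated session gets a server-generated id.
proc login_hardened {cookie_sid user} {
    global sessions
    if {$cookie_sid ne "" && [info exists sessions($cookie_sid)]} {
        unset sessions($cookie_sid)
    }
    set sid [new_session_id]
    set sessions($sid) [dict create user $user]
    return $sid
}

# Only ids present in the server's own table resolve to a user.
proc session_user {sid} {
    global sessions
    if {[info exists sessions($sid)]} {
        return [dict get $sessions($sid) user]
    }
    return ""
}

set pre_login "id-set-before-login"   ;# constructed pre-login cookie value
set sid_v [login_vulnerable $pre_login alice]
puts "vulnerable: id unchanged after login = [expr {$sid_v eq $pre_login}]"
set sid_h [login_hardened $pre_login alice]
puts "hardened:   id unchanged after login = [expr {$sid_h eq $pre_login}]"
puts "hardened:   pre-login id resolves to '[session_user $pre_login]'"
```

In the real application, the id returned by the hardened proc is the value the login response should set as the session cookie, replacing the pre-login one.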