jsessionid validator regex in esapi.properties not applicable to ids generated by tomcat #292

Closed
meg23 opened this issue Nov 13, 2014 · 0 comments

meg23 commented Nov 13, 2014

From Alex.x86@gmail.com on September 03, 2012 15:13:59

From http://tomcat.apache.org/tomcat-6.0-doc/config/manager.html :

The length of session ids created by this Manager, measured in bytes, excluding subsequent conversion to a hexadecimal string and excluding any JVM route information used for load balancing. The default is 16.

The validator regex in Validator.HTTPJSESSIONID should be changed from

^[A-Z0-9]{10,30}$

to

^[A-Z0-9]{10,32}$

Original issue: http://code.google.com/p/owasp-esapi-java/issues/detail?id=286

xeno6696 self-assigned this Jul 27, 2017
xeno6696 added a commit that referenced this issue Jul 29, 2017
Issue #292 && Issue #403 -- Updated default regex size for jsessionid…
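
The length mismatch reported in this issue, as an added example that is not part of the original report or of ESAPI or Tomcat: a 16-byte id rendered as hex is 32 characters, so it fails `{10,30}` and passes `{10,32}`. The class and method names are hypothetical, the ids are generated locally as uppercase hex (an assumption matching the regex's character class), and the jvmRoute value `node1`, appended after a `.`, is constructed.

```java
import java.security.SecureRandom;
import java.util.regex.Pattern;

// Added illustration; names are hypothetical, not ESAPI or Tomcat code.
public class JsessionidRegexCheck {
    // The two patterns quoted in the issue for Validator.HTTPJSESSIONID.
    static final Pattern CURRENT = Pattern.compile("^[A-Z0-9]{10,30}$");
    static final Pattern PROPOSED = Pattern.compile("^[A-Z0-9]{10,32}$");

    // Constructed stand-in for the session manager: n random bytes rendered
    // as uppercase hex, so the resulting id is 2*n characters long.
    static String hexSessionId(int lengthInBytes, SecureRandom rng) {
        byte[] raw = new byte[lengthInBytes];
        rng.nextBytes(raw);
        StringBuilder sb = new StringBuilder(raw.length * 2);
        for (byte b : raw) {
            sb.append(String.format("%02X", b & 0xFF));
        }
        return sb.toString();
    }

    static void report(String label, String id) {
        System.out.printf("%-20s len=%2d current=%-5b proposed=%b%n",
                label, id.length(),
                CURRENT.matcher(id).matches(),
                PROPOSED.matcher(id).matches());
    }

    public static void main(String[] args) {
        SecureRandom rng = new SecureRandom();
        // Sweep id lengths around the documented default of 16 bytes:
        // 4 -> 8 chars (too short), 5 -> 10, 15 -> 30, 16 -> 32, 17 -> 34.
        for (int bytes : new int[] {4, 5, 15, 16, 17}) {
            report(bytes + " bytes", hexSessionId(bytes, rng));
        }
        // Constructed route suffix: '.' is outside [A-Z0-9], so an id that
        // carries JVM route information fails both patterns.
        report("16 bytes + route", hexSessionId(16, rng) + ".node1");
    }
}
```

Only the 16-byte row differs between the two patterns; an id longer than 16 bytes or one carrying a route suffix is rejected by both.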