RelateIQ: Value of JSESSIONID and XSRF token parameter in cookie remains same before and after login

2014-02-28T13:01:01
ID H1:2421
Type hackerone
Reporter shahmeer-amir
Modified 2014-05-14T21:58:04

Description

Here are two same values captured via intercepting the request and the value of JSESSIONID and XSRF remains same before and after login JSESSIONID=m8u0pm8mjvckm1ya8da4oqlfb0pd34iw38lr; XSRF-TOKEN=6B025F41D13BC02E9D658409BAC23F84;

This could lead to further threats such as session hijacking etc