Forums

angle-left Back

RE: session problem

AD
alen dumas, modified 5 Months ago.

session problem

Junior Member Posts: 41 Join Date: 3/12/12 Recent Posts
I use liferay 5.2.3 on jboss 5.1.

I have a big problem with Liferay Sessions i think. It could also be a caching problem.

The problem is that sometimes I can see the dock of another person ( so able to get this very private information ).

meaning Sometimes, an User A see User B's page.

I use proxy in the network in front of the application server.

I'm afraid that this problem is related to security holes all over the place in this version of liferay

Does anybody know this kind of problem
Tomas Polesovsky, modified 5 Months ago.

RE: session problem

LIFERAY STAFF Liferay Master Posts: 654 Join Date: 2/13/09 Recent Posts
Hi,

AFAIK there was no such problem that would relate to 5.2.3 security holes.

There were other holes, more important and more devastating compared to this one ;-)

Best,

-- tom +
Olaf Kock, modified 5 Months ago.

RE: session problem

LIFERAY STAFF Liferay Legend Posts: 4619 Join Date: 9/23/08 Recent Posts
The mentioned proxy is rather the culprit here. If it's still reproducible without the proxy, then it's Liferay's problem. But the odds are that it's a proxy that is overeagerly caching.