Skip to content

Comments

fix: Remove usage of sessionId in javascript - EXO-84888 - meeds-io/si#10#5617

Open
Jihed525 wants to merge 1 commit intostable/6.5.x-exofrom
backportStable/6.5-84888
Open

fix: Remove usage of sessionId in javascript - EXO-84888 - meeds-io/si#10#5617
Jihed525 wants to merge 1 commit intostable/6.5.x-exofrom
backportStable/6.5-84888

Conversation

@Jihed525
Copy link
Contributor

@Jihed525 Jihed525 commented Feb 23, 2026

Before this fix, the sessionId is exposed as javascript object. This could allow Session hijacking, user impersonation or Account takeover This commit remove the sessionId and use the username for the session storage of suggestions instead of sessionId.

Resolves meeds-io/si#10

(cherry picked from commit 6c5ca61)

@rdenarie @Jihed525
fix: Remove usage of sessionId in javascript - EXO-84888 - Meeds-io/s…
1c058ce 
…i#10

Before this fix, the sessionId is exposed as javascript object. This could allow Session hijacking, user impersonation or Account takeover
This commit remove the sessionId and use the username for the session storage of suggestions instead of sessionId.

Resolves Meeds-io/si#10

(cherry picked from commit 6c5ca61)
@Jihed525 Jihed525 requested a review from rdenarie February 23, 2026 10:32
@Jihed525 Jihed525 self-assigned this Feb 23, 2026
@Jihed525 Jihed525 enabled auto-merge (rebase) February 23, 2026 10:32
@github-actions github-actions bot added the partialCIBuild Perform Partial CI Build label Feb 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@azayati azayati azayati approved these changes

@rdenarie rdenarie Awaiting requested review from rdenarie

Assignees

@Jihed525 Jihed525

Labels

partialCIBuild Perform Partial CI Build

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Jihed525 @azayati @rdenarie