ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S5876/java/rule.adoc
Alban Auzeill 2c306d110e Fix code block ambiguity with old header style 
Ensure blank line before list and clean the one leading space
2020-06-30 17:16:12 +02:00

33 lines
1010 B
Plaintext
Raw Blame History

include::../description.adoc[]
== Noncompliant Code Example
In a Spring Security's context, session fixation protection is enabled by default but can be disabled with <code>sessionFixation().none()</code> method:
----
@Override
protected void configure(HttpSecurity http) throws Exception {
http.sessionManagement()
.sessionFixation().none(); // Noncompliant: the existing session will continue
}
----
== Compliant Solution
In a Spring Security's context, session fixation protection can be enabled as follows:
----
@Override
protected void configure(HttpSecurity http) throws Exception {
http.sessionManagement()
.sessionFixation().newSession(); // Compliant: a new session is created without any of the attributes from the old session being copied over
// or
http.sessionManagement()
.sessionFixation().migrateSession(); // Compliant: a new session is created, the old one is invalidated and the attributes from the old session are copied over.
}
----
include::../see.adoc[]
Reference in New Issue View Git Blame Copy Permalink