Session Mismanagement in Joomla 3

Did you find a bug in Joomla! 3.x but aren't sure? This forum is the place to help figure out if the problem is a bug and how to report it. If you are an experienced Joomla! user and are certain that you have found a bug please use the Bug Tracker to submit your issue.
This forum is for discussion about bugs and to get help with reporting them to the Bug Tracker: https://issues.joomla.org

Moderator: ooffick

Forum rules
Please use the official Bug Tracker to report a bug: https://issues.joomla.org
Locked
manpreet_25
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 101
Joined: Tue Apr 10, 2012 7:14 am

Session Mismanagement in Joomla 3

Post by manpreet_25 » Tue Nov 03, 2015 9:12 am

This is problem we are facing since from Joomla 2.5 but we haven't find anyfix for that. Every time auditor post same problem and we don't have fix for that. The problem is below :
1. I have access administrator URL and login with valid credentials and note down the session ID value.(See Image Step-1).
2.Than I open Another browser and use any cookie editor and paste that same Session ID value and refresh the page after submit.(See Image Step-2).
3.I will be logged in as Administrator with same SESSION ID value, without entering any credentials(See Image Step-3).

Kindly, let us know possible solution for that. How we can fix this either via any component or anycode.
You do not have the required permissions to view the files attached to this post.

Locked

Return to “Joomla! 3.x Bug Reporting”