Page 1 of 1

Session Mismanagement in Joomla 3

Posted: Tue Nov 03, 2015 9:12 am
by manpreet_25
This is problem we are facing since from Joomla 2.5 but we haven't find anyfix for that. Every time auditor post same problem and we don't have fix for that. The problem is below :
1. I have access administrator URL and login with valid credentials and note down the session ID value.(See Image Step-1).
2.Than I open Another browser and use any cookie editor and paste that same Session ID value and refresh the page after submit.(See Image Step-2).
3.I will be logged in as Administrator with same SESSION ID value, without entering any credentials(See Image Step-3).

Kindly, let us know possible solution for that. How we can fix this either via any component or anycode.