Hello,
we had a Pentest for some of our server, including the OpenEmm Server. One of the critical points was the readable jsessionid in the url.
Will this be chnaged in the future?
OpenEMM 2015 is no longer maintained. OpenEMM 2019 (https://wiki.openemm.org) uses jsessionid as well, but is also provides an IP filter to prevent session hijacking.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
OpenEMM 2015 is no longer maintained. OpenEMM 2019 (https://wiki.openemm.org) uses jsessionid as well, but is also provides an IP filter to prevent session hijacking.