我正在开发开源应用程序“Project-Open”,在扫描过程中我遇到了以下漏洞:
[Medium] Session Identifier Not Updated
Issue: 13800882
Severity: Medium
URL: https://<server_name>/register/
Risk(s): It is possible to steal or manipulate customer session and cookies, which might be used to impersonate a legitimate user,allowing the hacker to view or alter user records, and to perform transactions as that user
Fix: Do not accept externally created session identifiers
虽然提到了修复,但我无法完全理解它。请指导我应该如何删除它。如果需要任何进一步的细节来理解这个问题,请告诉我。PS代码在tcl