Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: session should be maintained against a combination of TabId + domain instead of TabId only #189

Open
HunnySajid opened this issue Aug 8, 2024 · 1 comment
Open

Bug: session should be maintained against a combination of TabId + domain instead of TabId only #189

HunnySajid opened this issue Aug 8, 2024 · 1 comment
Assignees
@HunnySajid

Comments

@HunnySajid
Copy link
Collaborator

Once a credential/aid is selected by web app from extension, a session is created in extension. Currently, it only stores tabid but it should also combine domain with tabid. Otherwise, another website can be opened in same tab and can exploit the session created from previous website.
@HunnySajid HunnySajid self-assigned this Aug 8, 2024
@edeykholt
Copy link
Contributor

See comment about sessions (and messaging) in #159

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@HunnySajid HunnySajid

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@edeykholt @HunnySajid