https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=Ljin 2026-04-26T06:35:20Z User contributions MediaWiki 1.27.2 https://wiki.owasp.org/index.php?title=User:Ljin&diff=48496 2008-12-12T16:25:59Z

<p>Ljin: New page: I am a security architect/engineer that have many years of experiences in application security and network security. I have built a security framework in support of the US government, and ...</p> <hr /> <div>I am a security architect/engineer that have many years of experiences in application security and network security. I have built a security framework in support of the US government, and have done many design and code reviews and risk assessments for various government agencies and commercial companies. I have led a team of engineers to build a financial system and many other Web based applications.<br /> <br /> My current focus is application security, including SOA/Web service security and Web application security. I am currently working on an ESAPI pilot to mitigate the OWASP Web application security vulnerabilities.</div>

Ljin https://wiki.owasp.org/index.php?title=ESAPI_Session_Management&diff=48385 2008-12-11T14:51:19Z

<p>Ljin: /* Feature Overview */</p> <hr /> <div>== Feature Overview (in Version 2.0)==<br /> <br /> * Be able to distinguish initial login and subsequent login after session timeout (working)<br /> <br /> * To Change session ID after a successful login with optional session content replication so that a timed out user can continue where he/she has left off (working)<br /> <br /> * Safe session management functions that will reject invalid session requests. For example, a request for session contents on an expired session should be rejected until the session is reactivated.<br /> <br /> * Automatic CSRF token validation in a centralized location. <br /> <br /> * A collection of anti-CSRF tags that can automatically incorporate CSRF token in forms when used in JSP pages <br /> <br /> <br /> TODO<br /> <br /> == Possible Enhancements == <br /> <br /> * Add a secure form tag that does CSRF as well as other form protections like autocomplete<br /> <br /> * Separate session management API and CSRF from the Authentication and HTTP utilities<br /> <br /> * Add a flag to the changeSessionIdentifier method to not copy session content<br /> <br /> *</div>

Ljin https://wiki.owasp.org/index.php?title=ESAPI_Session_Management&diff=48378 2008-12-11T14:45:56Z

<p>Ljin: /* Feature Overview */</p> <hr /> <div>== Feature Overview ==<br /> * Be able to distinguish initial login and subsequent login after session timeout (working)<br /> <br /> * To Change session ID after a successful login with optional session content replication so that a timed out user can continue where he/she has left off (working)<br /> <br /> * Safe session management functions that will reject invalid session requests. For example, a request for session contents on an expired session should be rejected until the session is reactivated.<br /> <br /> * <br /> <br /> TODO<br /> <br /> == Possible Enhancements == <br /> <br /> * Add a secure form tag that does CSRF as well as other form protections like autocomplete<br /> <br /> * Separate session management API and CSRF from the Authentication and HTTP utilities<br /> <br /> * Add a flag to the changeSessionIdentifier method to not copy session content<br /> <br /> *</div>

Ljin