Security issue by adding user object as Spring SessionAttribute?
Let's say we have a user entity which stores some data like username, nickname and the encrypted password. Is there any security issue with adding this user object as a Spring SessionAttribute? As far as I understand, the @SessionAttributes annotation puts this data in the HTTP session, which is server-side, so the application user can only view the session ID but not the stored data, right?
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
