0009351: Race conditions for user contexts after the handover of a session to a new user.

ID	Project	Category	View Status	Date Submitted	Last Update

0009351	10000-002: Security	Spec	public	2024-01-11 00:08	2025-07-08 16:32

Reporter	Randy Armstrong	Assigned To	Paul Hunkar
Priority	normal	Severity	minor	Reproducibility	always
Status	closed	Resolution	fixed
Product Version	1.05.03
Target Version	1.05.04 RC1	Fixed in Version	1.05.06 RC1

Summary	0009351: Race conditions for user contexts after the handover of a session to a new user.
Description	Better mitigations: `create a new session for the new credentials, do the higher privilege operation and close the sessions; do not process new requests until activate session completes; any existing requests finish with the current credentials.`
Tags	No tags attached.

Commit Version
Fix Due Date

Date Modified	Username	Field	Change
2024-01-11 00:08	Randy Armstrong	New Issue
2024-01-11 00:08	Randy Armstrong	Status	new => assigned
2024-01-11 00:08	Randy Armstrong	Assigned To	=> Paul Hunkar
2025-06-16 16:27	Paul Hunkar	Status	assigned => resolved
2025-06-16 16:27	Paul Hunkar	Resolution	open => fixed
2025-06-16 16:27	Paul Hunkar	Fixed in Version	=> 1.05.06 RC1
2025-06-16 16:27	Paul Hunkar	Note Added: 0023012
2025-07-08 16:32	Jim Luth	Status	resolved => closed
2025-07-08 16:32	Jim Luth	Note Added: 0023096

Paul Hunkar 2025-06-16 16:27 developer ~0023012	Added text to explain issues a developer has to deal with when ActiveSession User context changes.

Jim Luth 2025-07-08 16:32 administrator ~0023096	Agreed to changes edited in Web Meeting.