Enhanced security logging and debugging in security-procs.tcl
- Updated the internal log procedure to accept multiple arguments (using join) for more flexible logging.
- Replace several ns_log calls with ::security::log to standardize logging of session_id, login_cookie, timeout, and other events.
- Add additional log statements in critical functions (e.g. sec_handler, sec_setup_session, __ad_verify_signature, and CSRF token handling)
to provide better traceability of session allocation, cookie generation, session invalidation, and signature verification.
- Improve debug output for CSRF token generation and verification, including logging differences in computed hash values.
Show less
Got a suggestion or an issue? Discuss it on the Atlassian Community or visit Atlassian Support for other options.