SRP6JavascriptServerSession should free its variables

SRP6JavascriptServerSession is intended to be a temporary object for authentication. Someone may leave it in the session or in the database post authentication accidently. Or they may hold onto it deliberately in case they want to use the session key at a later point post authentication. At the moment the session object will hold onto all the intermediate calculation results used to perform the authentication. Instead it should delete the intermediate state as soon as possible to keep the memory footprint down.

Comments (1)