tomcat-dev mailing list archives

From billbar...@apache.org
Subject cvs commit: jakarta-tomcat RELEASE-NOTES-3.3.2.txt
Date Thu, 31 Oct 2002 06:41:38 GMT
billbarker    2002/10/30 22:41:38

  Modified:    .        RELEASE-NOTES-3.3.2.txt
  Log:
  Document new session behavior.
  
  Revision  Changes    Path
  1.14      +6 -1      jakarta-tomcat/RELEASE-NOTES-3.3.2.txt
  
  Index: RELEASE-NOTES-3.3.2.txt
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/RELEASE-NOTES-3.3.2.txt,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -r1.13 -r1.14
  --- RELEASE-NOTES-3.3.2.txt	14 Oct 2002 05:57:25 -0000	1.13
  +++ RELEASE-NOTES-3.3.2.txt	31 Oct 2002 06:41:37 -0000	1.14
  @@ -58,6 +58,11 @@
   	 Fix problems with URL normalization when the URL attempts to access
   	 a file above the ROOT.
   
  +	 Prevent session sharing when switching from HTTPS to HTTP.  This
  +	 removes a way to hijack sensitive sessions.  The old behavior can
  +	 be restored by setting the secureCookie="false" attribute on the
  +	 SessionId element in server.xml.
  +
   Jasper:
   
   Bug No.  Description
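
Review bot: The added "Prevent session sharing" paragraph names the opt-out but never says what the default value of secureCookie is or what an application will observe after upgrading, for example what happens to a session created over HTTPS when the same client then makes a plain HTTP request. Suggest adding one sentence that states the default and the visible effect, since sites that deliberately move users from an HTTPS login to HTTP pages will see this as a behavior change. The sentence about secureCookie="false" should also say outright that it re-enables the hijacking path described in the line before it, so that "restore the old behavior" is not read as a neutral compatibility switch.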
  
  
  
