tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 10419] - Session-ID grabbing from Request accepts invalid session cookies in presense of valid URL sessions
Date Sat, 07 Feb 2004 20:16:08 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10419>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10419

Session-ID grabbing from Request accepts invalid session cookies in presense of valid URL
sessions

H.Zeller@acm.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|http://www.freiheit.com/user|http://vicdor.org/~hzeller/S
                   |s/hzeller/SessionBugDemonstr|essionBugDemonstration.java
                   |ation.java                  |



------- Additional Comments From H.Zeller@acm.org  2004-02-07 20:16 -------
Since the URL to the original demonstration servlet of this issue wasn't 
reachable anymore (this bug is now open for 1.5 years..), I've moved it to a 
new location. You can find it at 
  http://vicdor.org/~hzeller/SessionBugDemonstration.java 
now. 
 
While re-reading the comments after a while I noticed that referencing the 
bugs 1 and 2 in my first comment is a bit misleading since bugzilla tries to 
link to the literal number. They actually stand for the two bugs I've 
committed regarding two related aspects of faulty session handling in tomcat, 
namely Bug #10418 and this Bug #10419.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message