tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 45255] support disable jsessionid from url against session fixation attacks
Date Mon, 31 Aug 2009 13:10:41 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=45255



--- Comment #15 from Giampaolo Tomassoni <giampaolo@tomassoni.biz> 2009-08-31 06:10:36
PDT ---
I would urge to put Sellars' patch into the next Tomcat 6 version. It may not
be the final weapon against session fixation (also a cookie-based attack seems
possibile to me), but it is definitely good in fixing plenty of problems with
search engines and ugly URLs...

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message