tomcat-dev mailing list archives

Subject DO NOT REPLY [Bug 45255] support disable jsessionid from url against session fixation attacks
Date Mon, 31 Aug 2009 13:10:41 GMT

--- Comment #15 from Giampaolo Tomassoni 2009-08-31 06:10:36 PDT ---
I would urge putting Sellars' patch into the next Tomcat 6 version. It may not
be the final weapon against session fixation (also a cookie-based attack seems
possible to me), but it is definitely good in fixing plenty of problems with
search engines and ugly URLs...
