tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 51283] Session Fixation is solved without an invalidating of an existing HTTP session
Date Sat, 04 Jun 2011 04:40:14 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=51283

--- Comment #5 from Christopher Schultz <chris@christopherschultz.net> 2011-06-04 04:40:14
UTC ---
Mark was suggesting that if a plausible use-case were to be presented where an
application should need the container to protect users from itself, he might
consider such a feature.

Since no use-case was presented, he marked this bug as INVALID.

I tend to agree: if the users cannot trust the webapp, they should be using it.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message