tomcat-users mailing list archives

From "Joe Shevland"
Subject RE: [Q] Session invalidation and authentication mechanism
Date Mon, 14 Aug 2000 20:51:33 GMT
Any indication of a release of 3.2 in the wind or is it likely to go through
some more beta phases?


> A couple of notes that relate to the way Tomcat itself does this:
> * As of version 3.2, the algorithm used to calculate the next session ID
>   has been made *much* harder to calculate the next session ID value.
>   Of course, nothing stops a snooper from swiping the session ID of a
>   current session unless you are running across an encrypted connection
>   (see more below on this topic).
> Craig McClanahan
