tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jim Urban" <jim.ur...@netsteps.net>
Subject RE: REPOST: NEED HELP URGENT:: internet explorer nullifies session on open new window
Date Tue, 13 Nov 2001 16:17:12 GMT
Speaking of not accepting cookies, that may become common place.  Check this
out from eWeek...


COOKIE FLAW LEAVES IE USERS VULNERABLE TO ATTACKS

A newly discovered flaw in the way that Internet Explorer
handles Web site cookies could enable an attacker to view
and edit a user's personal data contained in the cookies.
The vulnerability affects all versions of IE, but is
mitigated by several factors, according to a bulletin
released last week by Microsoft Corp. Under normal
operation, Web sites are only able to access the cookies for
their site on a given user's machine. By crafting a URL with
specific contents, an attacker could gain access to cookies
for other sites and edit the contents of the files by
injecting a script. To read the story, click here:
http://eletters1.ziffdavis.com/cgi-bin10/flo?y=eMVO0Cn5RF0E4J0bQh0An


Jim

-----Original Message-----
From: Martin van den Bemt [mailto:martin@isallineed.org]
Sent: Tuesday, November 13, 2001 9:55 AM
To: Tomcat Users List
Subject: RE: REPOST: NEED HELP URGENT:: internet explorer nullifies
session on open new window


It seems that ie 6 isn't accepting cookies by default (collegue of mine is
also using ie 6 and had the same problem, even in 1 window). He set a
certain option and everything was working again.  Can you confirm that that
is the default, else everyone must start using url rewriting to keep ie6
users happy

Mvgr,
Martin

> -----Original Message-----
> From: Jim Urban [mailto:jim.urban@netsteps.net]
> Sent: Tuesday, November 13, 2001 4:21 PM
> To: Tomcat Users List
> Subject: RE: REPOST: NEED HELP URGENT:: internet explorer nullifies
> session on open new window
>
>
> Our application does the same thing (openning child browser windows and
> closing them) and we have no problems with IE 5.5.  We have not tried I.E.
> 6.0 yet, so I can't comment on that.  We are running Tomcat 4.0 on Win NT
> and 2K.
>
> Jim
>
> -----Original Message-----
> From: Amit Kelkar [mailto:amit@postmodern.com.au]
> Sent: Tuesday, November 13, 2001 9:01 AM
> To: Tomcat Users List
> Subject: REPOST: NEED HELP URGENT:: internet explorer nullifies session
> on open new window
>
>
>
>
> -----Original Message-----
> From: Amit Kelkar [mailto:amit@postmodern.com.au]
> Sent: Tuesday, 13 November 2001 6:41 PM
> To: Tomcat Users List
> Subject: internet explorer nullifies session on open new window
>
> The application we are coding requires a new window to be opened. This new
> window may just contain a JavaScript calendar or a JSP page
> (dispatched by a
> servlet).
>
> We have been using Internet Explorer 5 till recently to run the
> application
> and this has been fine. But we recently upgraded to I.E. 5.5 and 6.0. In
> both of the new versions, when a new window is opened and then closed, the
> session in the original window gets nullified.
>
> For example, there are places where I need to see a calendar, so
> I open this
> calendar in a new window, I use the calendar, then I close the calendar
> window. I then press a button (in the main window) to go to
> another page in
> my application, where all the session values are now displayed as null.
> Subsequent system error statements show that the session is indeed null.
>
> I am not sure this is a tomcat problem or a IE problem (probably a IE
> problem), but was wondering if anybody has experienced anything
> similar and
> if they have solved the problem...
>
> Note: I am using tomcat 4.01
>
> Thanks much in advance,
>
>
> Amit Kelkar
>
>
> --
> To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
> Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>
>
>
>
> --
> To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
> Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>
>
>


--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>



--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message