tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benjamin Fonzé [benja.be] <be...@benja.be>
Subject Session variables
Date Tue, 14 May 2002 08:20:05 GMT
Hello !
I have a few questions concerning the session object.
 
On the Java Sun web site, I can read this about the HttpSession
interface :
“The servlet container uses this interface to create a session between
an HTTP client and an HTTP server. The session persists for a specified
time period, across more than one connection or page request from the
user. A session usually corresponds to one user, who may visit a site
many times. The server can maintain a session in many ways such as using
cookies or rewriting URLs.”
 
My browser is configured to refuse the cookies, and I’ve no cookies on
my disk, my conclusion is that Tomcat does not use cookies.
But I’ve no URL rewriting either (Except if that’s invisible !?? Like
the POST method of a form !?)
 
I really need to know how that’s implemented by HttpSession, is someone
can help me ?
 
Another question…
I use Tomcat 3.3a, and I’m worrying if the security of these session is
good ?
Is that possible for a hacker to recuperate the session variables of a
server ?

Thanks a lot !
Benja.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message