tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Hardy <ahardy.str...@cyberspaceroad.com>
Subject Re: session hijacking and tying session to IP address with filter
Date Tue, 28 Oct 2003 12:23:43 GMT
On 10/28/2003 12:06 PM Tim Funk wrote:
> I think they can and you'll break AOL users. AOL and other large 
> entities sometimes employ megaproxies where the user might appear to be 
> coming from different ip addresses.
> 
> The guaranteed way to prevent session hijacking is by using ssl. (And 
> making sure your site is not victim to css attacks)

BTW, what are css attacks?

-- 
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message