tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Funk <funk...@joedog.org>
Subject Re: session hijacking and tying session to IP address with filter
Date Tue, 28 Oct 2003 12:41:15 GMT
IIRC, AOL users can use any web browser.

-Tim

Adam Hardy wrote:
> OK I guess if I write a filter to reject requests where the IP address 
> doesn't match the one in the session, then I can always make an 
> exception for AOL browsers - assuming I can identify them from the 
> browser user-agent or the IP address range.
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message