tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Funk <>
Subject Re: session hijacking and tying session to IP address with filter
Date Tue, 28 Oct 2003 12:41:15 GMT
IIRC, AOL users can use any web browser.


Adam Hardy wrote:
> OK I guess if I write a filter to reject requests where the IP address 
> doesn't match the one in the session, then I can always make an 
> exception for AOL browsers - assuming I can identify them from the 
> browser user-agent or the IP address range.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message