tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vincent Chen <v...@yahoo.com>
Subject session security questions?
Date Thu, 13 Nov 2003 10:36:42 GMT
Hi, all

I am running tomcat as application server and using
session to store objects which will determine what
dynamic content will be displayed. It's typical, but I
have the following question:

1. Where is the session variable stored? server side
or client cookie?

2. If variables stored in server side, is it possible
to fake it and is there a proof of concept exists?

3. If variable stored in client cookie, I have the
same question for point 2.


Thanks,

Vincent


-----------------------------------------------------------------
每天都 Yahoo!奇摩
海的顏色、風的氣息、愛你的溫度,盡在信紙底圖
http://tw.promo.yahoo.com/mail_premium/stationery.html

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message