tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vincent Chen <>
Subject session security questions?
Date Thu, 13 Nov 2003 10:36:42 GMT
Hi, all

I am running tomcat as application server and using
session to store objects which will determine what
dynamic content will be displayed. It's typical, but I
have the following question:

1. Where is the session variable stored? server side
or client cookie?

2. If variables stored in server side, is it possible
to fake it and is there a proof of concept exists?

3. If variable stored in client cookie, I have the
same question for point 2.



每天都 Yahoo!奇摩

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message