tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Hughes <>
Subject Tomcat5 and url tracking hijacking
Date Tue, 27 Jan 2004 14:34:46 GMT
Does tomcat 5 use some kind of mechanism to prevent session hijacking 
when url session tracking is being used?  For instance, if someone posts 
a url to a website with the tracking info in it, will anyone clicking on 
that link pick up the original user's session (assuming it didn't time 
out yet)?  If it does prevent this, how?

If anyone knows of any articles about keeping sessions safe, I'd love to 
get pointed to those.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message