tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben <>
Subject Session ID in URL
Date Sat, 23 Oct 2004 07:31:11 GMT

Is there a way to validate the session id?

How do I deal with a situation where a user logged in and found
something interesting on my site and decided to give the URL address
(with jsessionid) of the page to his/her friend? Since the URL has the
session id of the sender, the receiver clicks on the link and will
have access to the sender account details.

How does solve this problem? Their URL addresses always
have the session id. If I go to and copy and paste the URL
address to a new browser, their system will give me a new session id.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message