tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben <newread...@gmail.com>
Subject Session ID in URL
Date Sat, 23 Oct 2004 07:31:11 GMT
Hi

Is there a way to validate the session id?

How do I deal with a situation where a user logged in and found
something interesting on my site and decided to give the URL address
(with jsessionid) of the page to his/her friend? Since the URL has the
session id of the sender, the receiver clicks on the link and will
have access to the sender account details.

How does Amazon.com solve this problem? Their URL addresses always
have the session id. If I go to Amazon.com and copy and paste the URL
address to a new browser, their system will give me a new session id.

Thanks

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message