tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ronald Klop <ronald-mailingl...@base.nl>
Subject Re: Can a client recapture a session in Tomcat 4.1
Date Fri, 13 May 2005 16:47:26 GMT
Yes. You only have to sent the right cookie header to the server. And if the browser exits
the right header info is lost.
So, if you create a browser which doesn't loose cookie info, you are done.

This has nothing to do with which server you are running. For php, asp or anything else it
works the same.

Ronald.

On Thu May 12 16:57:29 CEST 2005 Tomcat Users List <tomcat-user@jakarta.apache.org>
wrote:
> 
> Can a client recapture his Tomcat session after he
> has accidentally closed the browser, provided that
> the session object still exists on the server?
> 
> Would this be a browser-specific thing? After all,
> I guess I'd need to tell the browser to persist
> the session cookie or some such thing. Or would it
> work browser-independently using URL-rewriting?
> 
> If there is such a mechanism, does it pose any
> security concerns (e. g. through Tomcat reusing
> a session-id for a totally different session?)
> 
> We're on Tomcat 4.1. Would the answer be any
> different for Tomcat 5.0?
> 
> Thanks for any enlightenment or additional
> pointers-. -- Sebastian
> 
> ----------------------------------------------
> Sebastian Millies, IDS Scheer AG
> Postfach 10 15 34, 66015 Saarbr?cken
> Zi D1.16, Sebastian.Millies@ids-scheer.com
> fon +49-681-210-3221, fax +49-681-210-1311
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message