tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Millies, Sebastian" <Sebastian.Mill...@ids-scheer.com>
Subject Can a client recapture a session in Tomcat 4.1
Date Thu, 12 May 2005 14:57:29 GMT

Can a client recapture his Tomcat session after he
has accidentally closed the browser, provided that
the session object still exists on the server?

Would this be a browser-specific thing? After all,
I guess I'd need to tell the browser to persist
the session cookie or some such thing. Or would it
work browser-independently using URL-rewriting?

If there is such a mechanism, does it pose any
security concerns (e. g. through Tomcat reusing
a session-id for a totally different session?)

We're on Tomcat 4.1. Would the answer be any
different for Tomcat 5.0?

Thanks for any enlightenment or additional
pointers-. -- Sebastian

----------------------------------------------
Sebastian Millies, IDS Scheer AG
Postfach 10 15 34, 66015 Saarbr├╝cken
Zi D1.16, Sebastian.Millies@ids-scheer.com
fon +49-681-210-3221, fax +49-681-210-1311

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message