tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Paul Roberts" <planetvoo...@hotmail.co.uk>
Subject Tomcat IP and Session ID's
Date Fri, 24 Feb 2006 11:29:58 GMT
I have a question regarding IP address and session ID's.

If a user on IP Address 1 connects to the Tomcat server and is given
session ID A, what happens if that session ID is hijacked by someone on
IP address 2 and then used for a further request. How would the
different version of Tomcat react to this, if at all. Specifically does
Tomcat hold a relationship between IP address and session ID which is
checked on each subsequent request.

_________________________________________________________________
Are you using the latest version of MSN Messenger? Download MSN Messenger 
7.5 today! http://messenger.msn.co.uk


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message