tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Paul Roberts" <>
Subject Tomcat IP and Session ID's
Date Fri, 24 Feb 2006 11:29:58 GMT
I have a question regarding IP address and session ID's.

If a user on IP Address 1 connects to the Tomcat server and is given
session ID A, what happens if that session ID is hijacked by someone on
IP address 2 and then used for a further request. How would the
different version of Tomcat react to this, if at all. Specifically does
Tomcat hold a relationship between IP address and session ID which is
checked on each subsequent request.

Are you using the latest version of MSN Messenger? Download MSN Messenger 
7.5 today!

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message