Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 23560 invoked from network); 24 Feb 2006 11:30:39 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 24 Feb 2006 11:30:39 -0000 Received: (qmail 31180 invoked by uid 500); 24 Feb 2006 11:30:25 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 31166 invoked by uid 500); 24 Feb 2006 11:30:25 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 31155 invoked by uid 99); 24 Feb 2006 11:30:25 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 24 Feb 2006 03:30:25 -0800 X-ASF-Spam-Status: No, hits=1.9 required=10.0 tests=DNS_FROM_RFC_ABUSE,DNS_FROM_RFC_POST,MSGID_FROM_MTA_HEADER,SPF_HELO_PASS X-Spam-Check-By: apache.org Received-SPF: neutral (asf.osuosl.org: local policy) Received: from [65.54.185.7] (HELO hotmail.com) (65.54.185.7) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 24 Feb 2006 03:30:24 -0800 Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Fri, 24 Feb 2006 03:30:02 -0800 Message-ID: Received: from 80.47.232.119 by by15fd.bay15.hotmail.msn.com with HTTP; Fri, 24 Feb 2006 11:29:58 GMT X-Originating-IP: [80.47.232.119] X-Originating-Email: [planetvoodoo@hotmail.co.uk] X-Sender: planetvoodoo@hotmail.co.uk From: "Paul Roberts" To: users@tomcat.apache.org Subject: Tomcat IP and Session ID's Date: Fri, 24 Feb 2006 11:29:58 +0000 Mime-Version: 1.0 Content-Type: text/plain; format=flowed X-OriginalArrivalTime: 24 Feb 2006 11:30:02.0708 (UTC) FILETIME=[A727A140:01C63935] X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N I have a question regarding IP address and session ID's. If a user on IP Address 1 connects to the Tomcat server and is given session ID A, what happens if that session ID is hijacked by someone on IP address 2 and then used for a further request. How would the different version of Tomcat react to this, if at all. Specifically does Tomcat hold a relationship between IP address and session ID which is checked on each subsequent request. _________________________________________________________________ Are you using the latest version of MSN Messenger? Download MSN Messenger 7.5 today! http://messenger.msn.co.uk --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org