tomcat-users mailing list archives

From mfs <>
Subject Cookie-less session tracking - what are the downsides
Date Thu, 17 Apr 2008 04:23:49 GMT


I would want to know the downsides to using cookie-less sessions? I want to
give my client the freedom to disable cookies on the browser if he chooses
to, but I would want to know the implications of that.

Some say exposing your sessionId in the URL exposes it to hackers who can
spoof the IP (that of the victim) and provide the jsessionId (in the URL) and
can gain control of the victim's session, but if you are using SSL, that
shouldn't be an issue.

Would someone comment on the real hazards/bottlenecks to the cookie-less

Thanks in advance and Regards,

