From: "Caldarale, Charles R"
To: Tomcat Users List
Date: Sun, 10 Oct 2010 19:52:42 -0500
Subject: RE: JSESSIONID weakness Severity in Tomcat 6.0.29?

> From: Brian [mailto:bbprefix-mail@yahoo.com]
> Subject: RE: JSESSIONID weakness Severity in Tomcat 6.0.29?

> I was not familiar with the options available in the
> container itself. I am still not familiar indeed.

Probably the best place to start researching would be sections 7 and 12 of the servlet spec.

You can download a copy of the spec here:
http://jcp.org/aboutJava/communityprocess/mrel/jsr154/index2.html

 - Chuck