tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bradford <fingerm...@gmail.com>
Subject session fixation bug fix - questions
Date Thu, 10 Mar 2011 18:03:17 GMT
I see that a session fixation fix [1] was backported into 5.5.29, but
is disabled by default.

1) Why is this disabled by default?
2) Can I just turn it on and have all my problems solved?  Or could
things blow up?
3) What is the authentication step the bug fix is referring to?

[1] https://issues.apache.org/bugzilla/show_bug.cgi?id=45255

Thanks,
Bradford

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message