tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shanti Suresh <sha...@umich.edu>
Subject Re: Security issue regarding JSESSIONID cookie
Date Fri, 28 Sep 2012 15:35:20 GMT
Hi Joan,

What happens when you change the web.xml settings to:

----------web.xml:----
<session-config>
        <session-timeout>30</session-timeout>
         <tracking-mode>COOKIE</tracking-mode>
  </session-config>

--------------------------

Thanks.

                  -Shanti


On Fri, Sep 28, 2012 at 10:58 AM, Konstantin Kolinko <knst.kolinko@gmail.com
> wrote:

> 2012/9/28 Martin Gainty <mgainty@hotmail.com>:
> >
> > that is NOT what the op asked for
> >
> > if the OP is implementing ssl via her FE Apache then she needs to
> implement and config mod-ssl on that FE apache server
> >
> > You need to Understand what the op environment is before criticising the
> solution
> > Martin
>
> The OP asked about JSESSIONID cookie (as said in $Subject) and getting
> rid of it.  It is not about configuring mod_ssl.
>
>
> http://en.wikipedia.org/wiki/Posting_style#Choosing_the_proper_posting_style
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message