tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex O'Ree" <alexo...@apache.org>
Subject User session validation
Date Wed, 28 Mar 2018 23:20:38 GMT
Does tomcat do any validation on session id's based on up addresses? I'm
thinking that if some one intercepts the session token and tries to use it
from another ip address,  then it's feasible to detect this and invalidate
the session.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message