DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=37356>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=37356

------- Additional Comments From [EMAIL PROTECTED] 2006-03-10 12:51 -------

(In reply to comment #26)
> Well, apart from the fact that I wrote my comment while you posted yours
> (mid-air-collision)
>
> I don't see any obvious reason against syncing the accessCount with the
> volatile keyword.

And you verified it actually fixed this "issue"?

> For the "rare" issue. We see quite some of these stale sessions. (appx. 2-10 a day)
> I'm not saying that this is a major security issue, but over time it gives
> an attacker quite a chance to guess some sessionId.
>
> Many people will not even be aware of this issue, because you can only see it
> if you keep track of sessions yourself. All others might take a look into the
> manager application and enjoy the number of concurrent users they usually
> have, not knowing those sessions should have expired a long time ago.

As usual, 2-3 useless paragraphs as soon as there's a disagreement with a user. Special bonus for the security FUD ;)