http://issues.apache.org/bugzilla/show_bug.cgi?id=22679

------- Additional Comments From [EMAIL PROTECTED] 2007-10-26 07:39 -------
(In reply to comment #15)

Ralf, I understand that Tomcat should provide ways to prevent session hijacking, but building something into Tomcat to associate a jsessionid with the SSL ID is not the solution. This may be an interesting issue for the Tomcat dev list, but this is not a bug.

You can have the same behavior that you are asking to be built into Tomcat using a filter that is specific to your application, and I am somehow inclined not to build into Tomcat something that prevents browsers from working within the specs.
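One way to write the application-specific filter the comment refers to, as an added example that is not from the bug report or from Tomcat's code base. It assumes a Servlet 3.0+ container, which exposes the TLS session ID in the standard `javax.servlet.request.ssl_session_id` request attribute; the class name and the session attribute key are hypothetical.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: ties each HttpSession to the TLS session it was created on.
public class TlsSessionBindingFilter implements Filter {
    // Standard request attribute (Servlet 3.0+), set by the container on HTTPS requests.
    private static final String TLS_ID = "javax.servlet.request.ssl_session_id";
    // Hypothetical key under which the bound TLS session ID is stored.
    private static final String BOUND = "example.boundTlsSessionId";

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        Object attr = request.getAttribute(TLS_ID);          // null on plain HTTP
        String tlsId = (attr == null) ? null : attr.toString();
        HttpSession session = request.getSession(false);     // never create one here
        if (session != null) {
            Object bound = session.getAttribute(BOUND);
            // Design choice: sessions are HTTPS-only, and a jsessionid presented
            // over a different TLS session than the bound one is rejected.
            if (tlsId == null || (bound != null && !bound.equals(tlsId))) {
                session.invalidate();
                ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
        }
        chain.doFilter(req, res);
        // Bind after the chain so a session created during this request
        // (for example at login) is tied to the TLS session immediately.
        bind(request.getSession(false), tlsId);
    }

    private static void bind(HttpSession session, String tlsId) {
        if (session == null || tlsId == null) return;
        try {
            if (session.getAttribute(BOUND) == null) session.setAttribute(BOUND, tlsId);
        } catch (IllegalStateException invalidated) {
            // The application ended the session during the request; nothing to bind.
        }
    }
}
```

A browser that legitimately negotiates a new TLS session mid-visit loses its HTTP session under this filter, which is the standards concern raised in the comment. The filter also only works where the container terminates TLS itself, since behind a TLS-terminating proxy the attribute is absent.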