https://issues.apache.org/bugzilla/show_bug.cgi?id=45255
--- Comment #24 from Mark Thomas <ma...@apache.org> 2009-12-30 07:50:25 GMT --- (In reply to comment #23) > Really pleased to see this integrated. Thank you Mark / Dillon. > > Just to be clear, we're waiting until Tomcat 7 to be able to remove the > JSessionID from the url? Yes, but Tomcat 5 & 6 will change the session ID on authentication which addresses the root cause of the session fixation. With that fixed whether or not the session ID is in the URL is moot. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
