@tomcat.apache.org
Subject: RE: Tomcat IP and Session ID's
Thank you.
I was wondering, over and above encrypting the communications channel how
does HTTPS help to prevent session ID hijacking?
Regards
Paul Roberts.
>From: "Peter Crowther" <[EMAIL PROTECTED]>
>Reply-T
> From: Paul Roberts [mailto:[EMAIL PROTECTED]
> I was wondering, over and above encrypting the communications
> channel how does HTTPS help to prevent session ID hijacking?
To my knowledge, it doesn't (better heads than me may wish to contradict
me here). But keeping a randomly-generated sessi
Thank you.
I was wondering, over and above encrypting the communications channel how
does HTTPS help to prevent session ID hijacking?
Regards
Paul Roberts.
From: "Peter Crowther" <[EMAIL PROTECTED]>
Reply-To: "Tomcat Users List"
To: "Tomcat Users List"
> From: Paul Roberts [mailto:[EMAIL PROTECTED]
> I have a question regarding IP address and session ID's.
>
> If a user on IP Address 1 connects to the Tomcat server and is given
> session ID A, what happens if that session ID is hijacked by
> someone on
> IP address 2 and then used for a furthe
Well In my situation it just works,
if you copy something like
http://localhost:8080/MyApp/welcome.do;jsessionid=64B0E7454BB37E8ECE50B8B0323735CD
in another browser - nothing happens ;) I don't know why, but I like it.
I use cookies for session management, couse I need them in some other
plac
I have a question regarding IP address and session ID's.
If a user on IP Address 1 connects to the Tomcat server and is given
session ID A, what happens if that session ID is hijacked by someone on
IP address 2 and then used for a further request. How would the
different version of Tomcat react t
