http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10367

session hijack

           Summary: session hijack
           Product: Axis
           Version: beta-2
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Other
         Component: Basic Architecture
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]

SimpleSessionHandler.java

"session hijack" is possible for "SessionID".

>     private synchronized Long getNewSession()
>     {
!         Long id = new Long(curSessionID++);
>         SimpleSession session = new SimpleSession();

"SessionID" is used as a random number.

Reference:
"Tomcat4.0 AuthenticatorBase.java#generateSessionId"
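
The counter-based ID from the report next to a hardened form, as an added example that is not Axis or Tomcat code. The class and method names are hypothetical, and the 128-bit token length is an assumption.

```java
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class SessionIdDemo {
    // Constructed stand-in for the counter scheme quoted in the report.
    static final class CounterSessions {
        private long curSessionID = 0;
        private final Map<Long, String> active = new ConcurrentHashMap<>();
        synchronized Long newSession(String owner) {
            Long id = Long.valueOf(curSessionID++);
            active.put(id, owner);
            return id;
        }
        String lookup(Long id) { return active.get(id); }
    }

    // Hardened form (assumption: 128 bits from a CSPRNG, hex-encoded).
    static final class RandomSessions {
        private final SecureRandom rng = new SecureRandom();
        private final Map<String, String> active = new ConcurrentHashMap<>();
        String newSession(String owner) {
            byte[] raw = new byte[16];
            String id;
            do {
                rng.nextBytes(raw);
                StringBuilder sb = new StringBuilder(32);
                for (byte b : raw) sb.append(String.format("%02x", b));
                id = sb.toString();
            } while (active.putIfAbsent(id, owner) != null); // retry on collision
            return id;
        }
        String lookup(String id) { return active.get(id); }
    }

    public static void main(String[] args) {
        CounterSessions weak = new CounterSessions();
        weak.newSession("alice");
        Long bob = weak.newSession("bob");
        // Holding only his own ID, bob can derive the neighbouring live ID.
        System.out.println("counter: id " + (bob - 1) + " -> " + weak.lookup(bob - 1));

        RandomSessions strong = new RandomSessions();
        String a = strong.newSession("alice");
        String b = strong.newSession("bob");
        // Consecutive IDs share no ordering, so one ID reveals nothing about another.
        System.out.println("random:  " + a + " / " + b);
    }
}
```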