On 16/06/2026 15:21, Christopher Schultz wrote:
> Mark,
>
> On 6/16/26 7:05 AM, [email protected] wrote:
>> This is an automated email from the ASF dual-hosted git repository.
>>
>> markt-asf pushed a commit to branch main
>> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>>
>> The following commit(s) were added to refs/heads/main by this push:
>>      new 194cdae65e Code review follow-up - log that configuration
>> has been ignored
>> 194cdae65e is described below
>>
>> commit 194cdae65e154a5ae00dc5489ed2856c48fb7e08
>> Author: Mark Thomas <[email protected]>
>> AuthorDate: Tue Jun 16 12:05:34 2026 +0100
>>
>>      Code review follow-up - log that configuration has been ignored

<snip/>

> LOL I never realized we allow a 2-byte session id.
>
> Should this even be allowed? 2 bytes isn't enough sparseness to mitigate
> brute-force session takeover.

No objection to increasing the limit? What did you have in mind?
Mark
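
To put numbers on the "sparseness" question raised in this thread, the following is an added sizing example for choosing a minimum session ID length. It is not Tomcat code and not from either poster. It assumes IDs are uniformly random, each guess is independent, and the session counts and guess budgets are constructed values.

```python
import math

def hit_probability(id_bytes, live_sessions, guesses):
    """Chance that at least one of `guesses` random IDs matches a live session.

    Assumes uniformly random IDs of `id_bytes` bytes and independent guesses.
    """
    space = 2 ** (8 * id_bytes)
    if live_sessions >= space:
        return 1.0
    p_single = live_sessions / space
    # 1 - (1 - p)^g, via log1p/expm1 so tiny probabilities do not round to zero
    return -math.expm1(guesses * math.log1p(-p_single))

def guesses_for_probability(id_bytes, live_sessions, target=0.5):
    """Number of guesses after which the hit probability reaches `target`."""
    p_single = live_sessions / 2 ** (8 * id_bytes)
    return math.ceil(math.log1p(-target) / math.log1p(-p_single))

def min_id_bytes(live_sessions, guess_budget, max_probability, limit=64):
    """Smallest ID length (bytes) keeping the hit probability within bounds."""
    for n in range(1, limit + 1):
        if hit_probability(n, live_sessions, guess_budget) <= max_probability:
            return n
    raise ValueError("no length up to %d bytes meets the target" % limit)

if __name__ == "__main__":
    # Constructed scenario: 100 live sessions behind a 2-byte session ID.
    print("2-byte ID, 100 sessions: 50%% hit after %d requests"
          % guesses_for_probability(2, 100))
    # Constructed scenario: 10,000 live sessions, 1,000 guesses/s for 30 days,
    # and a tolerated hit probability of one in a million.
    budget = 1000 * 86400 * 30
    print("minimum length: %d bytes" % min_id_bytes(10_000, budget, 1e-6))
```
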