https://issues.apache.org/bugzilla/show_bug.cgi?id=45255
Andre Schild <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #18 from Andre Schild <[email protected]> 2009-11-17 11:48:35 UTC --- A good document describing session fixation can be found here: http://www.acros.si/papers/session_fixation.pdf Just disabling the usage of jsessionid=.... in the URL does not solve the problem, it just closes one of many open doors. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
