Using a 2 node cluster, jboss 4.0.3. In some cases we have to put the jsessionid parameter on the URL. In those cases I can send that URL to another person and they can hijack my session. Is this how jboss is supposed to behave ?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4001370#4001370 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4001370 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
