I would like to know if Resin 3 is vulnerable to session cookie
hijacking. In the documentation it's written that:

"It is conceivable that someone could use a packet sniffer to find
the session id of a user and then make a fake request to Resin
thus gaining access to the session. This can be avoided by using

Does that mean that a session id is not tied to an IP address?

For performance reasons I would like to use HTTPS on the login
page only.

Thanks in advance,


resin-interest mailing list
