[Resin-interest] Limiting session to a single IP for a given session_id

[Rafael Escolar | Bookassist]

Is there a way to force session to invalidate or not to be recognized  
if the client IP changes?  This is a PCI requirement so that if a  
third obtains a valid session ID they cannot use it to re-establish  
the original session with the server.


Based on tests I have run using resin 3.1.8, the default configuration  
is seems that the session is maintained whenever the JSESSIONID cookie  
contains a valid session id. In particular, I established a session  
with the resin3.1 server, then changed my client IP, then reconnected  
to the server and all session information was maintained.


Thanks in advance.
Rafa.___
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest

[Resin-interest] Resin 3.1.8 Recompile with -Xlint:unchecked for details

[Rafael Escolar | Bookassist]

Hi,

I'm migrating from resin 2.1.16 to resin 3.1.8 and my logs are plenty  
of:

[16:39:58.275][16:39:58.275]Note: /home/automat/www/bassist/WEB-INF/ 
work/_jsp/_bookassist_0admin/_users__jsp.java uses unchecked or unsafe  
operations.
[16:39:58.275][16:39:58.275]Note: Recompile with -Xlint:unchecked for  
details.


How can I configure the compilation to add -Xlint:unchecked option?

Regards.
Rafa.


___
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest