Re: is normal keep value when tomcat restart after JSESSIONID was create?

...@christopherschultz.net님이 작성: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 이강우, On 10/23/14 1:56 AM, 이강우(KangWoo Lee) wrote: ok I undertand. - the session identifier should change to prevent session-fixation attacks. but how I can set tomcat to regenerate id value? I was search document

is normal keep value when tomcat restart after JSESSIONID was create?

Environment - openjdk 1.7 - tomcat 7.0.55 with native connector - apache 2.4.10 with mod-jk 1.2.40 1. Tomcat start 2. Client request - JSESSIONID is null 3. tomcat response - JSESSIONID=C5EBF0AA96ADB34E0C28E4D9D2595D98 is create 4. refresh page - session attribute(name=count,

Re: is normal keep value when tomcat restart after JSESSIONID was create?

- Hash: SHA256 이강우, On 10/22/14 4:41 AM, 이강우(KangWoo Lee) wrote: Environment - openjdk 1.7 - tomcat 7.0.55 with native connector - apache 2.4.10 with mod-jk 1.2.40 1. Tomcat start 2. Client request - JSESSIONID is null 3. tomcat response - JSESSIONID=C5EBF0AA96ADB34E0C28E4D9D2595D98