Peter,
On 2/8/18 11:30 AM, Peter Kreuser wrote:
> Forgive the top-post!
:/
iOS mail lets you type anywhere you want!
> Going back to the root-cause of the question:
>
> In my opinion the security requirement stems from the idea that a
> logout
Dear all,
Forgive the top-post!
Going back to the root-cause of the question:
In my opinion the security requirement stems from the idea that a logout must
invalidate the session and thus make the data practically inaccessible -
instead of just removing a typical logged-in flag and keeping the
Mark,
On 2/8/18 4:49 AM, Mark Thomas wrote:
> On 07/02/18 23:49, Alex O'Ree wrote:
>> I was recently perusing security implementation guides and ran
>> across one that required that session IDs be "destroyed" after
>> use and not reused. From my u
On 07/02/18 23:49, Alex O'Ree wrote:
> I was recently perusing security implementation guides and ran across one
> that required that session IDs be "destroyed" after use and not reused.
> From my understanding, it looks like the java/tomcat/servlet equivalent is
> the jsessionid. I'm assuming thi
I was recently perusing security implementation guides and ran across one
that required that session IDs be "destroyed" after use and not reused.
From my understanding, it looks like the java/tomcat/servlet equivalent is
the jsessionid. I'm assuming this is probably a randomly generated id but I