Good Evening Pavel Implementing a SSL Connector on Tomcat will prevent
Session Fixation attack
Martin,
This is not correct. Using SSL will not stop session fixation attacks
Chris
Hi,
can I force Tomcat to change session id from my application code? I
know that in Tomcat7 there is a changeSessionIdOnAuthentication
attribute that can be used with container managed security, but how
can I protect my application from session fixation attacks if I don't
use container managed
to initiate session id change from application code?
From: pavel.arn...@loutka.cz
To: users@tomcat.apache.org
Hi,
can I force Tomcat to change session id from my application code? I
know that in Tomcat7 there is a changeSessionIdOnAuthentication
attribute that can be used with container