-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
이강우,
On 10/23/14 1:56 AM, 이강우(KangWoo Lee) wrote:
ok I undertand.
- the session identifier should change to prevent session-fixation
attacks.
but how I can set tomcat to regenerate id value? I was search
document, but can't find it
I'm
I found a causes. set the context attribute sessioncookiepath=/ is same
affect of emptysessionpath. tomcat document says if set emptysessionpath
then yomcat using session id value of client request.
I solve it. thanks to your comment.
2014. 10. 24. 오전 12:42에 Christopher Schultz
Environment - openjdk 1.7 - tomcat 7.0.55 with native connector - apache
2.4.10 with mod-jk 1.2.40
1. Tomcat start
2. Client request - JSESSIONID is null
3. tomcat response - JSESSIONID=C5EBF0AA96ADB34E0C28E4D9D2595D98 is
create
4. refresh page - session attribute(name=count,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
이강우,
On 10/22/14 4:41 AM, 이강우(KangWoo Lee) wrote:
Environment - openjdk 1.7 - tomcat 7.0.55 with native connector -
apache 2.4.10 with mod-jk 1.2.40
1. Tomcat start 2. Client request - JSESSIONID is null 3. tomcat
response -
ok I undertand.
- the session identifier should change to prevent session-fixation attacks.
but how I can set tomcat to regenerate id value?
I was search document, but can't find it
2014-10-22 22:44 GMT+09:00 Christopher Schultz ch...@christopherschultz.net
:
-BEGIN PGP SIGNED