DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22649>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22649 putting the SSL session ID into the jsession to avoid "session fixation" attacks ------- Additional Comments From [EMAIL PROTECTED] 2003-11-06 08:02 ------- perhaps, this is mainly a tomcat issue? (http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22679) If a good mix of session management via URL-rewriting and cookies would be possible, this would probably be less needed (http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24455) --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
