billbarker 2002/10/30 22:41:38 Modified: . RELEASE-NOTES-3.3.2.txt Log: Document new session behavior. Revision Changes Path 1.14 +6 -1 jakarta-tomcat/RELEASE-NOTES-3.3.2.txt Index: RELEASE-NOTES-3.3.2.txt =================================================================== RCS file: /home/cvs/jakarta-tomcat/RELEASE-NOTES-3.3.2.txt,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- RELEASE-NOTES-3.3.2.txt 14 Oct 2002 05:57:25 -0000 1.13 +++ RELEASE-NOTES-3.3.2.txt 31 Oct 2002 06:41:37 -0000 1.14 @@ -58,6 +58,11 @@ Fix problems with URL normalization when the URL attempts to access a file above the ROOT. + Prevent session sharing when switching from HTTPS to HTTP. This + removes a way to hijack sensitive sessions. The old behavior can + be restored by setting the secureCookie="false" attribute on the + SessionId element in server.xml. + Jasper: Bug No. Description
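Review bot: The new entry added after the URL normalization item states what is prevented but not what a deployed application will observe, so someone whose users log in over HTTPS and then continue on HTTP pages cannot tell from "Prevent session sharing when switching from HTTPS to HTTP" that their flow is affected. Suggest saying explicitly that this is now the default and describing the visible effect on such applications. Next to the secureCookie="false" sentence, it would also help to say that restoring the old behavior reopens the hijack path the entry itself describes, so the attribute reads as a compatibility escape rather than a recommended setting.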