billbarker 2002/10/30 22:41:38
Modified: . RELEASE-NOTES-3.3.2.txt
Log:
Document new session behavior.
Revision Changes Path
1.14 +6 -1 jakarta-tomcat/RELEASE-NOTES-3.3.2.txt
Index: RELEASE-NOTES-3.3.2.txt
===================================================================
RCS file: /home/cvs/jakarta-tomcat/RELEASE-NOTES-3.3.2.txt,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- RELEASE-NOTES-3.3.2.txt 14 Oct 2002 05:57:25 -0000 1.13
+++ RELEASE-NOTES-3.3.2.txt 31 Oct 2002 06:41:37 -0000 1.14
@@ -58,6 +58,11 @@
Fix problems with URL normalization when the URL attempts to access
a file above the ROOT.
+ Prevent session sharing when switching from HTTPS to HTTP. This
+ removes a way to hijack sensitive sessions. The old behavior can
+ be restored by setting the secureCookie="false" attribute on the
+ SessionId element in server.xml.
+
Jasper:
Bug No. Description
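Review bot: The sentence "The old behavior can be restored by setting the secureCookie="false" attribute" documents the opt-out without stating the new default or what the opt-out costs. Suggest saying explicitly that the secure behavior is now the default, and that setting secureCookie="false" on SessionId re-enables the HTTPS-to-HTTP session sharing that the preceding sentence describes as a way to hijack sensitive sessions, so administrators only disable it knowingly. It would also help people upgrading to note the visible effect: an application that establishes a session over HTTPS and then continues over HTTP will no longer share that session.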