Howdy, Tomcat 4 and later are so different from 3.x. I suggest you do the migration, if only for the speed and feature increases. I don't think there's an "attribute" called "secureCookie" in tomcat4, as there is no "un-secure" mode. Perhaps a tomcat 3 guru like Senor Barker can fill in more information...
Yoav Shapira Millennium ChemInformatics >-----Original Message----- >From: Eduardo Campoy [mailto:[EMAIL PROTECTED] >Sent: Wednesday, November 26, 2003 11:33 AM >To: [EMAIL PROTECTED] >Cc: Jason Rivard >Subject: Question on Tomcat 4 > >Hello, > >I am using Tomcat 3.3.1 with Internet Web Application and after doing a >ETHICAL HACKING TEST, they discovered a problem in Tomcat session cookie >(JSESSIONID). >After reading Tomcat 3.3.2 manual , there is a atribute called >"secureCookie" that resolve my issue. BUT tomcat 3.3.2 is not released >yet. >My question is "Does this atribute called "secureCookie" exist in >TOMCAT 4 ?" > >Thanks in advanced > > > >Eduardo Campoy >Technology Account Manager >Novell, THE leading provider of net business solutions >Tel - 55 11 3345-3938 >Cel - 55 11 9232-7456 >AIM - ecampoy sao >MSN - [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
