DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10419>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10419 Session-ID grabbing from Request accepts invalid session cookies in presense of valid URL sessions [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |WONTFIX ------- Additional Comments From [EMAIL PROTECTED] 2004-02-08 10:43 ------- Cookies will override URL session Ids. This is done on purpose and will ot be fixed. Now, there was an issue where Tomcat would only consider the first session id cookie. Now, if there are multiple ones, Tomcat will look until one of them is valid (the first one should be, as per Craig comments, but I've added more lenient code in the TC 5 CVS, since it doesn't hurt much). Please do not reopen this report, it will not be fixed. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
