DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22679>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22679 how to access ssl session ID out of tomcat to prevent session hijacking [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|how to access ssl session ID|how to access ssl session ID |out of tomcat |out of tomcat to prevent | |session hijacking ------- Additional Comments From [EMAIL PROTECTED] 2004-03-05 07:31 ------- one example where hijacking is particularly likely when you integrate with third-party applications that after doing their job should send the user back to your own application and you don't want the user to be forced to log into your own application again! While it should be possible to offer such a process to the user of my application, I would like to maintain some level of mutual distrust with that third-party provider. One example of such third-party provider might be paypal with their IPN - see related post in http://www.paypaldev.org/topic.asp?TOPIC_ID=5255 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
