Sometimes our users get to see information stored in the session of another user. We've verified this because they have sent us screen captures.
The question is how? We have one server, one tomcat (4.1.27), and we use the default i.e. cookie based sessions.
If anyone of you can shed some light on this or tell me how to prevent this, that will be great.
Thanks for your time. Nikhil
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
