Does Tomcat 5 use some kind of mechanism to prevent session hijacking when URL session tracking is being used? For instance, if someone posts a URL to a website with the tracking info in it, will anyone clicking on that link pick up the original user's session (assuming it didn't time out yet)? If it does prevent this, how?

If anyone knows of any articles about keeping sessions safe, I'd love to get pointed to those.

Thanks,
-Marc

