Does tomcat do any validation on session id's based on up addresses? I'm thinking that if some one intercepts the session token and tries to use it from another ip address, then it's feasible to detect this and invalidate the session.
- User session validation Alex O'Ree
- Re: User session validation George S.
- Re: User session validation Christopher Schultz
- Re: User session validation Alex O'Ree
