> From: Jasbinder Singh Bali [mailto:[EMAIL PROTECTED]
> Isn't there any feature in tomcat itself that would
> automatically take care
> of session hijacking without doing something at web application level.
Not in all cases. SSL deals with untrusted networks, but if you can't
trust the user's computer (common in Internet applications) not even SSL
will help you.
- Peter
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
