-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Wesley,
On 8/17/2010 6:05 PM, Wesley Acheson wrote: > I know of no better way to fix this. This is what we *had* to do to > pass PCI too so its no small deal. Wow, who made you disable jsessionids in URLs to achieve PCI compliance? Whoever did that doesn't understand Java webapp security. Or Internet security for that matter. :( Of course, there might just be some heavy-handed PCI requirements that the working group pulled out of their asses in a few minutes and then got on with a great deal of self-congratulations for making the Internet "safe". - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkxsorsACgkQ9CaO5/Lv0PAGzgCfXtTF9BFrRTGvrQ4YXd8ZjXqh CFkAn39TkdK48bu5kItvxqoFrDHOgv5S =s8g7 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
