On Sat, 29 Jan 2005 13:36:18 -0500, Gili <[EMAIL PROTECTED]> wrote: > > To my knowledge, all Servlet containers use "jsession" and they > assign it a random/unique value hence when you move across to different > webapps, they see an invalid/dead jsession ID and they realize that you > crossed webapps or you're trying to hack them and they reset your > cookie and give you a new jsession value. Why can't we do that? > Yess JSESSIONID is defined in the spec.
That is exactly what we (the servlet container) are doing. Please read my notes again and watch for the difference on web application (e.g. (/wicket-examples) and servlet (e.g. /wicket-examples/helloworld) Juergen ------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _______________________________________________ Wicket-develop mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/wicket-develop
