You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2015/11/12 09:44:54 UTC
svn commit: r1713975 - /tomcat/trunk/webapps/docs/config/context.xml
Author: markt
Date: Thu Nov 12 08:44:54 2015
New Revision: 1713975
URL: http://svn.apache.org/viewvc?rev=1713975&view=rev
Log:
Document validateClientProvidedNewSessionId
Modified:
tomcat/trunk/webapps/docs/config/context.xml
Modified: tomcat/trunk/webapps/docs/config/context.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/context.xml?rev=1713975&r1=1713974&r2=1713975&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/context.xml (original)
+++ tomcat/trunk/webapps/docs/config/context.xml Thu Nov 12 08:44:54 2015
@@ -535,6 +535,24 @@
<code>true</code>.</p>
</attribute>
+ <attribute name="validateClientProvidedNewSessionId" required="false">
+ <p>When a client provides the ID for a new session, this attribute
+ controls whether that ID is validated. The only use case for using a
+ client provided session ID is to have a common session ID across
+ multiple web applications. Therefore, any client provided session ID
+ should already exist in another web application. If this check is
+ enabled, the client provided session ID will only be used if the session
+ ID exists in at least one other web application for the current host.
+ Note that the following additional tests are always applied,
+ irrespective of this setting:</p>
+ <ul>
+ <li>The session ID is provided by a cookie</li>
+ <li>The session cookie has a path of {@code /}</li>
+ </ul>
+ <p>If not specified, the default value of <code>true</code> will be
+ used.</p>
+ </attribute>
+
<attribute name="wrapperClass" required="false">
<p>Java class name of the <code>org.apache.catalina.Wrapper</code>
implementation class that will be used for servlets managed by this
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org