You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/11/15 18:55:46 UTC

DO NOT REPLY [Bug 24730] New: - distinguish between expired sessions and such that never existed

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24730>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24730

distinguish between expired sessions and such that never existed

           Summary: distinguish between expired sessions and such that never
                    existed
           Product: Tomcat 4
           Version: 4.1.24
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Enhancement
          Priority: Other
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: hauser@acm.org


This probably would require a second parameter in web.xml such "session remember
period.
This could be used for example in a web-mail form to allow to still store a
draft not posted to the server yet before session timeout and still not open the
door to arbitrary denial of service attacks.


P.S.: I guess Hans (hans@trimm.nl) was after something similar in
http://marc.theaimsgroup.com/?l=tomcat-user&m=106079704611632&w=2

P.P.S.: I furthermore guess, Daniel (gmy11.blueyonder.co.uk) was pointing the
way to a custom-made solution in
(http://marc.theaimsgroup.com/?l=tomcat-user&m=104314931116293&w=2), but I
contend this should be part of standard tomcat

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org