You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/11/15 18:55:46 UTC
DO NOT REPLY [Bug 24730] New: -
distinguish between expired sessions and such that never existed
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24730>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24730
distinguish between expired sessions and such that never existed
Summary: distinguish between expired sessions and such that never
existed
Product: Tomcat 4
Version: 4.1.24
Platform: Other
OS/Version: Other
Status: NEW
Severity: Enhancement
Priority: Other
Component: Catalina
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: hauser@acm.org
This probably would require a second parameter in web.xml such "session remember
period.
This could be used for example in a web-mail form to allow to still store a
draft not posted to the server yet before session timeout and still not open the
door to arbitrary denial of service attacks.
P.S.: I guess Hans (hans@trimm.nl) was after something similar in
http://marc.theaimsgroup.com/?l=tomcat-user&m=106079704611632&w=2
P.P.S.: I furthermore guess, Daniel (gmy11.blueyonder.co.uk) was pointing the
way to a custom-made solution in
(http://marc.theaimsgroup.com/?l=tomcat-user&m=104314931116293&w=2), but I
contend this should be part of standard tomcat
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org