Posted to dev@tomcat.apache.org by bu...@apache.org on 2004/03/05 08:31:51 UTC
DO NOT REPLY [Bug 22679] -
how to access ssl session ID out of tomcat to prevent session hijacking
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22679
how to access ssl session ID out of tomcat to prevent session hijacking
hauser@acm.org changed:
   What    |Removed                     |Added
----------------------------------------------------------------------------
    Summary|how to access ssl session ID|how to access ssl session ID
           |out of tomcat               |out of tomcat to prevent
           |                            |session hijacking
------- Additional Comments From hauser@acm.org 2004-03-05 07:31 -------
One example where hijacking is particularly likely is when you integrate with
third-party applications that, after doing their job, should send the user back to
your own application, and you don't want the user to be forced to log into your
own application again!
While it should be possible to offer such a process to the user of my
application, I would like to maintain some level of mutual distrust with that
third-party provider.
One example of such a third-party provider might be PayPal with their IPN - see
the related post at http://www.paypaldev.org/topic.asp?TOPIC_ID=5255