You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Paul Roberts <pl...@hotmail.co.uk> on 2006/02/24 12:29:58 UTC

Tomcat IP and Session ID's

I have a question regarding IP address and session ID's.

If a user on IP Address 1 connects to the Tomcat server and is given
session ID A, what happens if that session ID is hijacked by someone on
IP address 2 and then used for a further request. How would the
different version of Tomcat react to this, if at all. Specifically does
Tomcat hold a relationship between IP address and session ID which is
checked on each subsequent request.

_________________________________________________________________
Are you using the latest version of MSN Messenger? Download MSN Messenger 
7.5 today! http://messenger.msn.co.uk


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Tomcat IP and Session ID's

Posted by Danny Lee <ha...@yahoo.de>.

Well In my situation it just works,
if you copy something like

http://localhost:8080/MyApp/welcome.do;jsessionid=64B0E7454BB37E8ECE50B8B0323735CD

in another browser - nothing happens ;) I don't know why, but I like it. 
  I use cookies for session management, couse I need them in some other 
places.

Danny


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org