Posted to dev@tomcat.apache.org by Jason Hunter <jh...@acm.org> on 2000/04/06 05:23:26 UTC

Re: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/core HttpServletResponseFacade.java

Craig R. McClanahan wrote:
> you're exposing your session key to a
> (potentially malicious) "other" application
> which can now use it to impersonate
> you on the original app.  
> That would not be a Good Thing (tm).  

Good Point (tm).

Wonder how many other servers realize this?

-jh-