You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2009/12/11 18:44:42 UTC
svn commit: r889723 - /tomcat/tc5.5.x/trunk/STATUS.txt
Author: markt
Date: Fri Dec 11 17:44:42 2009
New Revision: 889723
URL: http://svn.apache.org/viewvc?rev=889723&view=rev
Log:
Proposal
Modified:
tomcat/tc5.5.x/trunk/STATUS.txt
Modified: tomcat/tc5.5.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=889723&r1=889722&r2=889723&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/STATUS.txt (original)
+++ tomcat/tc5.5.x/trunk/STATUS.txt Fri Dec 11 17:44:42 2009
@@ -241,3 +241,13 @@
http://svn.apache.org/viewvc?rev=889606&view=rev
+1: markt
-1:
+
+* Address https://issues.apache.org/bugzilla/show_bug.cgi?id=45255
+ Prevent session fixation by changing session ID on authentication by default
+ If you don't like the session ID changing by default, feel free to caveat your
+ vote. If there is suggicient support for the patch but insufficient support
+ for changing the ID by default I'll apply the patch with the default set to
+ not change the session ID
+ http://svn.apache.org/viewvc?rev=889716&view=rev
+ +1: markt
+ -1:
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org