You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by ma...@apache.org on 2009/12/11 18:44:42 UTC

svn commit: r889723 - /tomcat/tc5.5.x/trunk/STATUS.txt

Author: markt
Date: Fri Dec 11 17:44:42 2009
New Revision: 889723

URL: http://svn.apache.org/viewvc?rev=889723&view=rev
Log:
Proposal

Modified:
    tomcat/tc5.5.x/trunk/STATUS.txt

Modified: tomcat/tc5.5.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=889723&r1=889722&r2=889723&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/STATUS.txt (original)
+++ tomcat/tc5.5.x/trunk/STATUS.txt Fri Dec 11 17:44:42 2009
@@ -241,3 +241,13 @@
   http://svn.apache.org/viewvc?rev=889606&view=rev
   +1: markt
   -1: 
+
+* Address https://issues.apache.org/bugzilla/show_bug.cgi?id=45255
+  Prevent session fixation by changing session ID on authentication by default
+  If you don't like the session ID changing by default, feel free to caveat your
+  vote. If there is suggicient support for the patch but insufficient support
+  for changing the ID by default I'll apply the patch with the default set to
+  not change the session ID
+  http://svn.apache.org/viewvc?rev=889716&view=rev
+  +1: markt
+  -1: 



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org