On 5/22/2010 12:10 AM, Dominik Dorn wrote:
> Hello,
>
> support against Session Fixation attacks (through changing the
> session-id after login) should also be in 3.1. web tier. It was
> discussed a few times on this list and
> is already implemented in Tomcat.
>
The fixed has been ported to 3.0.1 and 3.1.
> For session-sharing: It would be good, if session sharing would be
> done in a similar
> way terracotta is doing it, meaning just transferring differences
> instead of serializing
> the whole session object and distributing it then. In my opinion, it
> would be wise to review how much of actual terracotta could be reused
> for glassfishs HA....
> why always reinvent the wheel? :)
>
> As for the rename sun-web.xml -> glassfish-web.xml : I assume "old
> sun-web.xml" will still be parsed correctly, so that applications
> don't have to be changed, right?
>
Yes, that is correct.
Shing Wai Chan
> I'm not sure, if this belongs to the web-tier (I think it may be a
> grizzly issue), but: Will support for WebSockets be added to GF3.1 ?
>
>
> KR,
> Dominik
>
>