users@glassfish.java.net

Re: Session fixation countermeasures

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: <glassfish_at_javadesktop.org>
Date: Mon, 07 Jun 2010 10:44:59 PDT

The session fixation countermeasures need to turn on explicitly and is not in v2.
Is the jsp which generates sessionId and the url generated with sessionId refer to the same war file? It need to be the same war in GlassFish.
[Message sent by forum member 'swchan2']

http://forums.java.net/jive/thread.jspa?messageID=473186

This message: [ Message body ]
Next message: glassfish_at_javadesktop.org: "Re: Session fixation countermeasures"
Previous message: glassfish_at_javadesktop.org: "Problem usning sun-jms-adapter with sun-jms-binding component"
In reply to: glassfish_at_javadesktop.org: "Re: Session fixation countermeasures"
Next in thread: glassfish_at_javadesktop.org: "Re: Session fixation countermeasures"
Reply: glassfish_at_javadesktop.org: "Re: Session fixation countermeasures"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]