If cookies are disabled and a jsessionid matrix parameter is set, then it
would be possible to bookmark someone else's session. This is true of any
Java servlet container, as far as I know. Best, Laird
--
[Message sent by forum member 'ljnelson']
View Post: http://forums.java.net/node/791266