https://issues.apache.org/bugzilla/show_bug.cgi?id=45255
--- Comment #5 from Rainer Jung <[EMAIL PROTECTED]> 2008-06-23 02:46:58 PST --- Sorry, again I wrote partial nonsense: there is a request.isRequestedSessionIdFromURL() in the servlet API. So it is easy for us to know, but also for the webapp. One could thus prevent session fixation via the jsessionid path parameter by a simple filter, that invalidates the session, if request.isRequestedSessionIdFromURL() is true. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
