Remy Maucherat wrote:
Remy Maucherat wrote:
[EMAIL PROTECTED] wrote:
Author: mturk
Date: Tue Jun 26 05:28:00 2007
New Revision: 550789
URL: http://svn.apache.org/viewvc?view=revrev=550789
Log:
Do not pass session id if it is zero length. For now only log those
attempts. We should consider
Mladen Turk wrote:
This is not a valid veto. There is not specification nor security
reason that my patch would break. If something can be done by some
third party (like Tomcat) is completely unrelated with the purpose of
why the veto can be used.
You are right, your patch was great, so I
Remy Maucherat wrote:
[EMAIL PROTECTED] wrote:
Author: mturk
Date: Tue Jun 26 05:28:00 2007
New Revision: 550789
URL: http://svn.apache.org/viewvc?view=revrev=550789
Log:
Do not pass session id if it is zero length. For now only log those
attempts. We should consider returning 400 if the
Author: mturk
Date: Tue Jun 26 05:28:00 2007
New Revision: 550789
URL: http://svn.apache.org/viewvc?view=revrev=550789
Log:
Do not pass session id if it is zero length. For now only log those attempts.
We should consider returning 400 if the jsessionid is empty perhaps.
Modified:
[EMAIL PROTECTED] wrote:
Author: mturk
Date: Tue Jun 26 05:28:00 2007
New Revision: 550789
URL: http://svn.apache.org/viewvc?view=revrev=550789
Log:
Do not pass session id if it is zero length. For now only log those attempts.
We should consider returning 400 if the jsessionid is empty
