erance of other info they send back
(browser, some other signature, etc.)?
You're treating the symptoms of a fringe/poor design. Sometimes that's
necessary, but hopefully for your sake it's not.
justin
Subject: Re: Tomcat5 and url tracking hijacking
From: Tim Funk <[EMAIL PROTECT
Sorry you did, but I didn't read it ...
> -Original Message-
> From: Ralph Einfeldt
> Sent: Tuesday, January 27, 2004 5:42 PM
> To: Tomcat Users List
> Subject: RE: Tomcat5 and url tracking hijacking
>
>
> Y
g people to a
certain ip range, or within a certain tolerance of other info they send
back (browser, some other signature, etc.)?
Thanks,
-Marc
Subject: Re: Tomcat5 and url tracking hijacking
From: Tim Funk <[EMAIL PROTECTED]>
Date: Tue, 27 Jan 2004 09:41:27 -0500
To: Tomcat Users List <[
st practice' or 'How to'
for this.
> -Original Message-
> From: Marc Hughes [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, January 27, 2004 5:31 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Tomcat5 and url tracking hijacking
>
>
> I don't see how htt
There is not much tomcat can do about it.
The too simple solution is to stick the session to the ip.
But that doesn't work well.
- There are several users that can have different ip's in
the same session (dial in connection, dsl)
- on the other side there are several users that use the
same
Howdy,
Part of the session creation involves information about the user
environment, such as his/her IP address and browser. Someone would have
to read the bulletin board and contact the server from the same IP
address as the original user before the session expires. But anyways,
the session cr
people to a
certain ip range, or within a certain tolerance of other info they send
back (browser, some other signature, etc.)?
Thanks,
-Marc
Subject: Re: Tomcat5 and url tracking hijacking
From: Tim Funk <[EMAIL PROTECTED]>
Date: Tue, 27 Jan 2004 09:41:27 -0500
To: Tomcat Users List <[E
yeah - you'd get that user's session. Same problem with cookie hijacking.
Use https.
There is nothing defined by the spec to prevent this. (Except https)
-Tim
Marc Hughes wrote:
Does tomcat 5 use some kind of mechanism to prevent session hijacking
when url session tracking is being used? For i