And how should I get rid of session hijacking? Is there any feature in Tomcat that takes care of it?
On 4/4/07, Mikolaj Rydzewski <[EMAIL PROTECTED]> wrote:
Jasbinder Singh Bali wrote:
>> In short, I need to demonstrate session hijacking in Apache Tomcat and
>> then show measures that would be
>> taken to get rid of it.
>>
>> Any kind of help would be highly appreciated.

Turn off cookies, Tomcat should then rewrite URLs to include jsessionid.
Then it's trivial to hijack such a session.

--
Mikolaj Rydzewski <[EMAIL PROTECTED]>
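A defensive check for the URL-rewriting exposure discussed in this thread, as an added example that is not part of the original messages: it scans access log lines for `;jsessionid=` path parameters and reports session IDs presented by more than one client address. The combined access log layout, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines (assumed "combined" access log pattern; not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [04/Apr/2007:10:00:01 +0000] "GET /shop/cart.jsp;jsessionid=A1B2C3D4E5F60718293A4B5C6D7E8F90 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.10 - - [04/Apr/2007:10:00:09 +0000] "GET /shop/pay.jsp;jsessionid=A1B2C3D4E5F60718293A4B5C6D7E8F90?step=2 HTTP/1.1" 200 734 "-" "Mozilla/5.0"
198.51.100.7 - - [04/Apr/2007:10:03:44 +0000] "GET /shop/account.jsp;jsessionid=A1B2C3D4E5F60718293A4B5C6D7E8F90 HTTP/1.1" 200 901 "-" "curl/7.16"
203.0.113.5 - - [04/Apr/2007:10:05:00 +0000] "GET /shop/index.jsp;jsessionid=0F1E2D3C4B5A69788796A5B4C3D2E1F0 HTTP/1.1" 200 300 "-" "Mozilla/5.0"
203.0.113.5 - - [04/Apr/2007:10:06:00 +0000] "GET /shop/index.jsp HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

# Client IP, request target and user agent from one combined-format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')
# Session ID carried as a path parameter by URL rewriting.
SID_RE = re.compile(r';jsessionid=([A-Za-z0-9.\-]+)', re.IGNORECASE)


def url_sessions(log_text):
    """Map each URL-carried session ID to the set of (client IP, user agent) that sent it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # line is not in the assumed format
        ip, target, agent = m.groups()
        sid = SID_RE.search(target)
        if sid:
            seen[sid.group(1)].add((ip, agent))
    return dict(seen)


def shared_sessions(log_text):
    """Session IDs presented by more than one client IP: candidates for review.

    Several IPs can be legitimate (proxies, roaming clients), so treat hits as leads.
    """
    hits = {}
    for sid, clients in url_sessions(log_text).items():
        ips = sorted({ip for ip, _ in clients})
        if len(ips) > 1:
            hits[sid] = ips
    return hits


if __name__ == "__main__":
    for sid, ips in shared_sessions(SAMPLE_LOG).items():
        print(f"{sid} used from {', '.join(ips)}")
```

Any hit from `url_sessions` also shows that session IDs are reaching logs, browser history and Referer headers, which is the exposure to remove regardless of whether a second client has used them.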