Jasbinder Singh Bali wrote:
> And how should I get rid of session hijacking? Is there any feature in
> Tomcat that takes care of it?
Figure it out yourself, it's not so hard ;-)

I.e. you can store the client's IP address in a session, and compare it with every request. If they don't match, then the session is probably hijacked. That's the easiest solution, which will break some clients.

--
Mikolaj Rydzewski <[EMAIL PROTECTED]>

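The check suggested in the reply above, written as a servlet filter. This is an added example, not code from the original message or from the Tomcat project. It assumes the `jakarta.servlet` API (Tomcat 10 and later; on Tomcat 9 and earlier the same classes live in `javax.servlet`), and the class name and session attribute name are hypothetical.

```java
import java.io.IOException;
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;

/** Binds each session to the client address seen on its first filtered request. */
public class SessionIpBindingFilter implements Filter {
    // Hypothetical attribute name chosen for this example.
    private static final String BOUND_IP = "example.session.boundIp";

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false): never create a session just to run the check.
        HttpSession session = request.getSession(false);
        if (session != null) {
            // Assumption: Tomcat sees the real peer address. Behind a reverse proxy
            // this is the proxy's address unless RemoteIpValve (or similar) is set up.
            String currentIp = request.getRemoteAddr();
            synchronized (session) {
                String boundIp = (String) session.getAttribute(BOUND_IP);
                if (boundIp == null) {
                    // First request carrying this session: remember the address.
                    session.setAttribute(BOUND_IP, currentIp);
                } else if (!boundIp.equals(currentIp)) {
                    // Address changed: record it (without the session ID), drop the
                    // session and force the client to authenticate again.
                    request.getServletContext().log(
                            "Session IP mismatch: bound=" + boundIp + " current=" + currentIp);
                    session.invalidate();
                    response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
                            "Session no longer valid");
                    return;
                }
            }
        }
        chain.doFilter(request, response);
    }
}
```

The mismatch branch is where the "will break some clients" caveat applies: a legitimate client whose address changes between requests is logged out as well.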