Hi,

Client IP may not be the right solution. This may fail if 2 users use the same proxy to access your site... This is normally the case in small and big businesses where every user is using a proxy to access a website...

Regards
Guru

-----Original Message-----
From: Mikolaj Rydzewski [mailto:[EMAIL PROTECTED]
Sent: 04 April 2007 16:04
To: Tomcat Users List
Subject: Re: Session Hijacking with Apache Tomcat

Jasbinder Singh Bali wrote:
> And how should I get rid of session hijacking. Is there any feature in
> Tomcat that takes care of it?

Figure it out yourself, it's not so hard ;-)
I.e. you can store the client's IP address in a session, and compare it with every request. If they don't match, then the session is probably hijacked.
That's the easiest solution, which will break some clients.

--
Mikolaj Rydzewski <[EMAIL PROTECTED]>
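
The check discussed in this thread, written as a servlet filter. This is an added example, not code posted by anyone on the list; the class name and the session attribute name are hypothetical, and it assumes the javax.servlet API (Tomcat 9 and earlier; Tomcat 10 and later use the jakarta.servlet package instead).

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: binds a session to the client address seen on its first request.
public class SessionIpBindingFilter implements Filter {
    // Hypothetical attribute name chosen for this example.
    static final String BOUND_ADDR = "example.boundRemoteAddr";

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        HttpSession session = req.getSession(false); // never create a session here
        if (session != null) {
            // Behind a proxy this is the proxy's address, so two users of the
            // same proxy look identical and the check cannot tell them apart.
            String seen = req.getRemoteAddr();
            String bound = (String) session.getAttribute(BOUND_ADDR);
            if (bound == null) {
                session.setAttribute(BOUND_ADDR, seen); // first request: bind
            } else if (!bound.equals(seen)) {
                // Also fires for legitimate clients whose address changes
                // mid-session, which is how this check breaks some clients.
                session.getServletContext().log(
                    "Session address mismatch: bound=" + bound + " seen=" + seen);
                session.invalidate();
                res.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
        }
        chain.doFilter(rq, rs);
    }
}
```

The filter only runs once it is mapped to the application's URLs in web.xml.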