Hi,

Client IP may not be the right solution.

This may fail if 2 users use the same proxy to access your site...
This is normally the case in small and big businesses where every user is using a proxy to access a website....


Regards
Guru


-----Original Message-----
From: Mikolaj Rydzewski [mailto:[EMAIL PROTECTED] 
Sent: 04 April 2007 16:04
To: Tomcat Users List
Subject: Re: Session Hijacking with Apache Tomcat

Jasbinder Singh Bali wrote:
> And how should I get rid of session hijacking? Is there any feature in
> Tomcat that takes care of it?
Figure it out yourself, it's not so hard ;-)

I.e. you can store client's IP address in a session, and compare it with
every request. If they don't match, then session is probably hijacked.
That's the easiest solution, which will break some clients.

-- 
Mikolaj Rydzewski <[EMAIL PROTECTED]>


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
