On 15/10/2010 17:47, Juliano Daloia de Carvalho wrote:
> Chuck, I can't say explicitly why I need to use this info on the session,
> but it is related to security issues.
>
> And you are right, it is much more plausible to do this as you said, but I
> can't afford to do that.

If you need to control the session ID then the right way to do this is
to extend the Manager and override generateSessionId(). Anything else is
going to be fragile, particularly when you factor in that Tomcat will
change the session ID on authentication to prevent session fixation.

Mark
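
Added example, not part of Mark's message or of Tomcat's own code: a sketch of the approach he describes, subclassing `StandardManager` and overriding `generateSessionId()`. The class name, package, `tag` property and sample value are hypothetical; the random part of the ID still comes from Tomcat's own generator.

```java
package com.example.session; // hypothetical package name

import org.apache.catalina.session.StandardManager;

/**
 * Hypothetical Manager that prefixes every generated session ID with a
 * fixed tag. Enabled per web application in context.xml, for example:
 *   <Manager className="com.example.session.TaggedSessionManager" tag="app1"/>
 */
public class TaggedSessionManager extends StandardManager {

    // Constructed sample default; set from the "tag" attribute above.
    private String tag = "app1";

    public void setTag(String tag) {
        // The ID travels in cookies and URLs, so only accept a short
        // alphanumeric value and reject anything else at startup.
        if (tag == null || !tag.matches("[A-Za-z0-9]{1,16}")) {
            throw new IllegalArgumentException(
                    "tag must be 1-16 alphanumeric characters");
        }
        this.tag = tag;
    }

    public String getTag() {
        return tag;
    }

    @Override
    protected String generateSessionId() {
        // Keep Tomcat's securely generated value; never substitute a
        // predictable one. The tag adds information, not entropy.
        String randomId = super.generateSessionId();

        // Prefix rather than suffix: when jvmRoute is configured, Tomcat
        // ends the ID with ".<jvmRoute>" and load balancers rely on that.
        return tag + "-" + randomId;
    }
}
```

The tag is visible to every client that holds a session cookie, so it should carry nothing secret.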
