David, Christopher
Thank you for sharing your thoughts.
It seems to me that there is no standard solution to this problem, but you
agree with me that the problem exists.
As I mentioned before, I came up with a solution that looks promising.
Here's a rough description, I'd welcome your opinions/
Dear all,
I'm currently trying to find a way to fight "Session Fixation"
(http://www.owasp.org/index.php/Session_Fixation) in tomcat when using
the built -in mechanisms to authenticate users of a servlet. In the
environment in question, an own realm implementation is in place and
we use the Single
