Thanks for the info
On Thu, Mar 29, 2018, 12:30 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Alex,
>
> On 3/28/18 7:20 PM, Alex O'Ree wrote:
> > Does tomcat do any validation on session id's based on up
> > addresses? I'm th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Alex,
On 3/28/18 7:20 PM, Alex O'Ree wrote:
> Does tomcat do any validation on session id's based on up
> addresses? I'm thinking that if some one intercepts the session
> token and tries to use it from another ip address, then it's
> feasible to d
On 3/28/2018 5:20 PM, Alex O'Ree wrote:
Does tomcat do any validation on session id's based on up addresses? I'm
thinking that if some one intercepts the session token and tries to use it
from another ip address, then it's feasible to detect this and invalidate
the session.
If you're using S
Does tomcat do any validation on session id's based on up addresses? I'm
thinking that if some one intercepts the session token and tries to use it
from another ip address, then it's feasible to detect this and invalidate
the session.
