http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10419

Session-ID grabbing from Request accepts invalid session cookies in presence of valid URL sessions

[EMAIL PROTECTED] changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|Major                       |Minor
             Status|REOPENED                    |RESOLVED
         Resolution|                            |WONTFIX



------- Additional Comments From [EMAIL PROTECTED]  2002-07-03 08:46 -------
Your statement is incorrect. URL encoding does work, but it is an all-or-nothing
situation (i.e., either you allow session cookies or you don't).
As I said, I don't see a use case where the user-agent would submit the session
id in the URL for a context, and then would submit it as a cookie for another one.
The spec also doesn't specify what is the priority order for the session ids,
not that it is really needed anyway IMO.

In any case, I don't consider this a major bug, if people think it is a bug.
