Costin Manolache wrote:
I find it amazing that 2 people reported being hit by meteors (duplicate session ids) in the same week.
I find it odd that it actually happened ...
Yes, since sessions are saved and then reloaded by Tomcat on restart. You're right - a counter is better than time. It'll duplicate the counter if Tomcat is restarted - so probably the initial value of the counter should be random or derived from time.
Anyway, as far as I am concerned, I don't see any security problem so far, so I won't make any security bulletin.
I'll compile the list of changes since 4.1.18 early next week, for maybe a new alpha release.
Remy
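
The following is an added illustration, not part of the original message and not Tomcat's code. It models only the uniqueness suffix discussed above (any random part of the id is ignored) and counts duplicates across a simulated restart in which saved sessions are reloaded. The class names, the constructed clock and the session counts are assumptions.

```python
import itertools
import secrets

class ClockSuffix:
    """Suffix taken from a timer; two sessions created in one tick share it."""
    def __init__(self, clock):
        self.clock = clock
    def next(self):
        return self.clock()

class CounterSuffix:
    """Suffix taken from an in-memory counter that is lost on restart."""
    def __init__(self, start=0):
        self._n = itertools.count(start)
    def next(self):
        return next(self._n)

def make_coarse_clock(calls_per_tick=3):
    """Constructed clock: advances one tick every `calls_per_tick` reads."""
    reads = itertools.count()
    return lambda: next(reads) // calls_per_tick

def duplicates_across_restart(make_generator, per_run=1000):
    """Issue per_run suffixes, restart, issue per_run more; count duplicates.

    `seen` stands for the sessions saved at shutdown and reloaded at startup,
    so suffixes issued before the restart are still live after it.
    """
    seen, dups = set(), 0
    for _run in range(2):            # second pass is the restarted server
        gen = make_generator()       # generator state does not survive restart
        for _ in range(per_run):
            suffix = gen.next()
            dups += suffix in seen
            seen.add(suffix)
    return dups

def compare():
    clock = make_coarse_clock()      # wall time keeps running across restarts
    return {
        "clock": duplicates_across_restart(lambda: ClockSuffix(clock)),
        "counter_from_zero": duplicates_across_restart(CounterSuffix),
        # Random 64-bit start: overlap with the reloaded range is possible
        # but has probability of roughly 2000 / 2**64 here.
        "counter_random_start": duplicates_across_restart(
            lambda: CounterSuffix(secrets.randbits(64))),
    }

if __name__ == "__main__":
    print(compare())
```
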