DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24730>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24730 distinguish between expired sessions and such that never existed Summary: distinguish between expired sessions and such that never existed Product: Tomcat 4 Version: 4.1.24 Platform: Other OS/Version: Other Status: NEW Severity: Enhancement Priority: Other Component: Catalina AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] This probably would require a second parameter in web.xml such "session remember period. This could be used for example in a web-mail form to allow to still store a draft not posted to the server yet before session timeout and still not open the door to arbitrary denial of service attacks. P.S.: I guess Hans ([EMAIL PROTECTED]) was after something similar in http://marc.theaimsgroup.com/?l=tomcat-user&m=106079704611632&w=2 P.P.S.: I furthermore guess, Daniel (gmy11.blueyonder.co.uk) was pointing the way to a custom-made solution in (http://marc.theaimsgroup.com/?l=tomcat-user&m=104314931116293&w=2), but I contend this should be part of standard tomcat --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
