DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10419>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10419 Session-ID grabbing from Request accepts invalid session cookies in presense of valid URL sessions [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- URL|http://www.freiheit.com/user|http://vicdor.org/~hzeller/S |s/hzeller/SessionBugDemonstr|essionBugDemonstration.java |ation.java | ------- Additional Comments From [EMAIL PROTECTED] 2004-02-07 20:16 ------- Since the URL to the original demonstration servlet of this issue wasn't reachable anymore (this bug is now open for 1.5 years..), I've moved it to a new location. You can find it at http://vicdor.org/~hzeller/SessionBugDemonstration.java now. While re-reading the comments after a while I noticed that referencing the bugs 1 and 2 in my first comment is a bit misleading since bugzilla tries to link to the literal number. They actually stand for the two bugs I've committed regarding two related aspects of faulty session handling in tomcat, namely Bug #10418 and this Bug #10419. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
