On 5/8/2014 8:56 PM, Akash Jain wrote:
Hi,I am trying to resolve session fixation issue with tomcat 7.0.52 We have a Spring MVC application running on it, and the Auth method is provided by another application which writes cookie, and we use the cookie value to check whether the user is valid or not. My application URL patterns are / - Home page /login - Redirect to another application to ask user to authenticate /myaccess/user*** --> All authenticated URL's <Context path="" docBase="myapplication" sessionCookieName="mycookiename" sessionCookieDomain="application.mydomain.com sessionCookiePath="/"> As I cannot use org.apache.catalina.authenticator.FormAuthenticator here. How can i prevent the session fixation ? Thanks.
Do all communications use SSL or TLS? -Terence Bandoian --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
