2009/3/13 zhaoxueqing <zhaoxueq...@g-data.com.cn>: > jsessionid is the only way to indentity the user logined. > if you get it ,you are this user. > but? we can check others , for example IP!
But we can *still* do IP spoofing. Any other better recomendation? This issue is one of my concern also. -- Zaki Akhmad --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
