On 16/10/2010 13:55, Juliano Daloia de Carvalho wrote: > yes Pid, we can say that is a kind of encryption.
What do you gain by encrypting the session id? > do you know which is the first tomcat class that receives the client request? > > do you know which is the last tomcat class that is used before send the > response to the client? It's not that simple. Mark told you how to modify the session id in a previous email. You've stated that you want to change the session id, but also that you want to add an attribute to the request. The term 'attribute' has special meaning when talking about Servlet requests. You may find it difficult to modify the session id and add stuff to the request in the same code. I really think you should explain what it is you're trying to achieve, and why; more meaningful advice is difficult without an understanding what the goal is. Regardless, the Tomcat source code is available for anyone to examine and connecting a profiler or VisualVM to a running Tomcat will give you a vast amount of information to use. p
0x62590808.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
