RE: [Q] Session invalidation and authentication mechanism - Joe Shevland - org.apache.tomcat.users

7 messages in org.apache.tomcat.usersRE: [Q] Session invalidation and auth...

From	Sent On	Attachments
Luke Taylor	Aug 14, 2000 2:03 am
java program	Aug 14, 2000 3:57 am
Craig McClanahan	Aug 14, 2000 1:29 pm
Joe Shevland	Aug 14, 2000 1:51 pm
William Brogden	Aug 14, 2000 3:33 pm
Craig McClanahan	Aug 14, 2000 3:39 pm
William Brogden	Aug 14, 2000 3:52 pm

Subject:	RE: [Q] Session invalidation and authentication mechanism
From:	Joe Shevland (shev...@kpi.com.au)
Date:	Aug 14, 2000 1:51:11 pm
List:	org.apache.tomcat.users

Any indication of a release of 3.2 in the wind or is it likely to go through some more beta phases?

Cheers, Joe

A couple of notes that relate to the way Tomcat itself does this:

* As of version 3.2, the algorithm used to calculate the next session ID has been made *much* harder to calculate the next session ID value. Of course, nothing stops a snooper from swiping the session ID of a current session unless you are running across an encrypted connection (see more below on this topic). [snip]

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets