
Revision 889716


Author: markt
Date: Fri Dec 11 17:30:59 2009 UTC (9 years, 10 months ago)
Changed paths: 6
Log Message:
Address session fixation by changing the session ID on authentication. This is enabled by default. This should be safe since this also happens when sessions migrate between nodes in a cluster. If an app can't handle a changing ID, then the feature can be disabled in the authenticator.  

Changed paths

Path  Details
tomcat/trunk/java/org/apache/catalina/Manager.java  modified, text changed
tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java  modified, text changed
tomcat/trunk/java/org/apache/catalina/connector/Request.java  modified, text changed
tomcat/trunk/java/org/apache/catalina/ha/session/JvmRouteBinderValve.java  modified, text changed
tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java  modified, text changed
tomcat/trunk/webapps/docs/config/valve.xml  modified, text changed
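
The behaviour the log message describes, as an added example (not code from this revision or from Tomcat): a toy in-memory session store in which authentication moves the session's attributes to a fresh ID, so an ID known before login stops resolving. The class, the changeIdOnAuth switch and every method name are hypothetical.

```java
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

// Added illustration: a toy session store, not Tomcat's Manager or AuthenticatorBase.
public class SessionFixationDemo {
    static final SecureRandom RNG = new SecureRandom();
    // session ID -> session attributes
    static final Map<String, Map<String, Object>> sessions = new HashMap<String, Map<String, Object>>();
    // Hypothetical switch standing in for the authenticator option the log message mentions.
    static boolean changeIdOnAuth = true;

    static String newId() {
        byte[] b = new byte[16];
        RNG.nextBytes(b);
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02X", x));
        return sb.toString();
    }

    static String createSession() {
        String id = newId();
        sessions.put(id, new HashMap<String, Object>());
        return id;
    }

    // Marks the session as authenticated and returns the ID the client must use afterwards.
    static String authenticate(String id, String user) {
        Map<String, Object> attrs = sessions.get(id);
        if (attrs == null) throw new IllegalStateException("no such session");
        attrs.put("user", user);
        if (!changeIdOnAuth) return id;   // feature disabled: the pre-login ID survives login
        String fresh = newId();
        sessions.remove(id);              // the old ID stops resolving
        sessions.put(fresh, attrs);       // same attributes, new ID
        return fresh;
    }

    // Returns the authenticated user bound to an ID, or null if the ID resolves to nothing.
    static Object userFor(String id) {
        Map<String, Object> attrs = sessions.get(id);
        return attrs == null ? null : attrs.get("user");
    }

    public static void main(String[] args) {
        for (boolean rotate : new boolean[] {false, true}) {
            changeIdOnAuth = rotate;
            sessions.clear();
            String preLogin = createSession();   // constructed stand-in for an ID known before login
            String postLogin = authenticate(preLogin, "alice");
            System.out.println("rotate=" + rotate + " preLoginId->" + userFor(preLogin)
                + " postLoginId->" + userFor(postLogin));
        }
    }
}
```

Any component that caches the session ID (the commit touches JvmRouteBinderValve and Request for this reason) has to pick up the new value after login, which is the compatibility concern the log message raises.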
