projects / tomcat7.0 / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 56a5ec2) | patch
Address session fixation by changing the session ID on authentication. This is enable...
authormarkt <markt@13f79535-47bb-0310-9956-ffa450edef68>
Fri, 11 Dec 2009 17:30:59 +0000 (17:30 +0000)
committermarkt <markt@13f79535-47bb-0310-9956-ffa450edef68>
Fri, 11 Dec 2009 17:30:59 +0000 (17:30 +0000)
commit4073acd78f25853337b76e022b343b887fe94e27
treeb1e2603f2ed6b2f0fba0c5c041d08aa51fbffe43tree | snapshot
parent56a5ec22d04074375a1c89bd0bf42c07259cb3f0commit | diff
Address session fixation by changing the session ID on authentication. This is enabled by default. This should be safe since this also happens when sessions migrate between nodes in a cluster. If an app can't handle a changing ID, then the feature can be disabled in the authenticator.

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@889716 13f79535-47bb-0310-9956-ffa450edef68
java/org/apache/catalina/Manager.java diff | blob | history
java/org/apache/catalina/authenticator/AuthenticatorBase.java diff | blob | history
java/org/apache/catalina/connector/Request.java diff | blob | history
java/org/apache/catalina/ha/session/JvmRouteBinderValve.java diff | blob | history
java/org/apache/catalina/session/ManagerBase.java diff | blob | history
webapps/docs/config/valve.xml diff | blob | history
Unnamed repository; edit this file to name it for gitweb.