[jboss-user] [Tomcat, HTTPD, Servlets & JSP] - session sharing
steveb3091
do-not-reply at jboss.com
Sat Jan 13 15:37:33 EST 2007
Using a 2 node cluster, jboss 4.0.3. In some cases we have to put the jsessionid parameter on the URL. In those cases I can send that URL to another person and they can hijack my session. Is this how jboss is supposed to behave ?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4001370#4001370
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4001370
More information about the jboss-user
mailing list