[jboss-user] [JBoss Seam] - Re: sessionId cookie: man-in-the-middle attack
modoc
do-not-reply at jboss.com
Sat Jun 2 17:27:12 EDT 2007
I think the most likely scenario where this could be an issue and the proposed solution would help is if some of your site is http, but post-login, it changes to https to deal with more secure/personal information and features.
I wouldn't tie this session swapping to the login process, but rather make it useable wherever the app developer wants, probably when a protocol change is made.
Thoughts?
Devon
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4050697#4050697
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4050697
More information about the jboss-user
mailing list