[jboss-user] [JBoss Seam] - Re: sessionId cookie: man-in-the-middle attack
gavin.king@jboss.com
do-not-reply at jboss.com
Sat Jun 2 18:09:43 EDT 2007
How about if we made it an option (probably even the default option) to automatically destroy the session every time the scheme changes?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4050706#4050706
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4050706
More information about the jboss-user
mailing list