File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
Win a copy of Clojure in Action this week in the Clojure forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

HTTP Sessions behavior

 
Ryan McClain
Ranch Hand
Posts: 145
1
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How does a Container like Tomcat identify a client as being 'the same client between requests'? Is this by sessionID?

If the client keeps two browser windows open that both visit the same servlet (therefore two threads exist), how come the exact same sessionID is being exchanged (and therefore causing multithreading problems)? Why does the Container treat the client as the same regardless of browser window?

Another question:
It is possible to steal someone's HTTP session, right? I have read online that certain vBulletin boards were exploited by some session exploit (I don't know of the details).
Is it also possible to steal someone's request?
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic