PaulDotCom mailing list archives

Re: Session management


From: k41zen Me <k41zen () me com>
Date: Wed, 03 Nov 2010 18:51:08 +0000

So the only cookie (JSESSIONID) sent is by Firefox right from the very first GET request and this never changes. Could
it be using this one? I would expect a new cookie after auth but there isn't one. The server doesn't send anything.

I've read a bit around the JSESSIONID cookie and how it differs from IE to Firefox and tabbed pages.

If it is using this how are they generated? How unique are they?



On 3 Nov 2010, at 14:21, Jim Halfpenny wrote:

IP authentication is one possible method I've seen in some VOIP
devices. Once you send your credentials all requests from your IP are
authorised as that user. It could also be taking an existing cookie
set when you first visit and reusing this as your authentication
token. Are there any other cookies set by this server?

Jim


On 2 November 2010 21:09, k41zen Me <k41zen () me com> wrote:
I'm struggling to see any session management taking place between the browser (Firefox) and a Tomcat app. The server 
returns no "Set-Cookie" header, there's no session info contained within the URL, the browser isn't sending auth 
with each request and I can't see any data within the requests that could be providing session info.

Is there some other way this could be provided?

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
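
The check this thread is circling, as an added example (not code from any of the posters): given request and response headers captured in a proxy, report whether the server ever issued the session cookie and whether the ID the browser presents changes across login. The capture, the `/login` path and the function names are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Constructed capture (not from the thread): header lines per message, in order.
CAPTURE = [
    ("request",  ["GET /app/ HTTP/1.1", "Cookie: JSESSIONID=AAAA1111"]),
    ("response", ["HTTP/1.1 200 OK"]),
    ("request",  ["POST /app/login HTTP/1.1", "Cookie: JSESSIONID=AAAA1111"]),
    ("response", ["HTTP/1.1 302 Found", "Location: /app/home"]),
    ("request",  ["GET /app/home HTTP/1.1", "Cookie: JSESSIONID=AAAA1111"]),
    ("response", ["HTTP/1.1 200 OK"]),
]

def cookies_in(headers, header_name):
    """Collect {name: value} from every header line called header_name."""
    found = {}
    for line in headers[1:]:                      # skip request/status line
        name, _, value = line.partition(":")
        if name.strip().lower() == header_name.lower():
            jar = SimpleCookie()
            jar.load(value.strip())
            found.update({k: m.value for k, m in jar.items()})
    return found

def audit_session(capture, cookie="JSESSIONID", login_path="/login"):
    """Report who issued the session ID and whether it changed at login."""
    server_issued, pre, post, logged_in = False, None, None, False
    for direction, headers in capture:
        if direction == "response":
            server_issued |= cookie in cookies_in(headers, "Set-Cookie")
            continue
        sent = cookies_in(headers, "Cookie").get(cookie)
        method, path = headers[0].split()[:2]
        if logged_in:
            post = sent or post                   # ID presented after login
        else:
            pre = sent or pre                     # ID presented up to login
            logged_in = method == "POST" and login_path in path
    return {
        "server_issued": server_issued,
        "pre_login_id": pre,
        "post_login_id": post,
        "rotated_on_login": None if post is None else pre != post,
    }

if __name__ == "__main__":
    print(audit_session(CAPTURE))
```

A result with `server_issued` false and `rotated_on_login` false corresponds to the behaviour described in the thread: an ID the browser already held is reused unchanged after authentication, which is the precondition for session fixation.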


