angler-fishThe Vulnerability History Project

Address https://issues.apache.org/bugzilla/show_bug.cgi?id=45255

      Prevent session fixation by providing option (disabled by default) to change session ID on authentication

git-svn-id: https://svn.apache.org/repos/asf/tomcat/tc5.5.x/trunk@918761 13f79535-47bb-0310-9956-ffa450edef68
by Pauline the Wren 2010-03-03 23:11:30 UTC
commit 2bc388fe88eac7ed16e4606d7dccde6beef0ca1a
Tomcat
STATUS.txt
+20
container/catalina/src/share/org/apache/catalina/Manager.java
-9
container/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
-40
container/catalina/src/share/org/apache/catalina/connector/Request.java
-44
container/catalina/src/share/org/apache/catalina/session/ManagerBase.java
-11
container/modules/cluster/src/share/org/apache/catalina/cluster/session/JvmRouteBinderValve.java
+3 -4
container/modules/ha/src/share/org/apache/catalina/ha/session/JvmRouteBinderValve.java
+3 -4
container/webapps/docs/changelog.xml
-5
container/webapps/docs/config/valve.xml
-28
expand_less