How frequently does Tomcat rotate JSESSIONID within the same session?
I was trying to scan a webapp hosted in Tomcat and faced some difficulty, and later realized that even within the same session for a user, Tomcat changes JSESSIONID (monitored using Fiddler). I could not find any configuration in server.xml as such. Any info on this would be helpful.
I would assume Tomcat would do this to defend against Session Fixation.
I believe the default session timeout for Servlet is 30 minutes. It can be altered with <session-timeout> in web.xml.
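
To tell apart the two causes raised in the answers above (an ID replaced inside a live session versus a new session issued after the 30-minute timeout), the following added example, which is not part of the original posts, classifies each JSESSIONID change seen in a proxy capture. The capture rows, the function names and the placement of the rotation at the login request are constructed for illustration.

```python
from datetime import datetime, timedelta
from http.cookies import SimpleCookie

# Assumption: the 30-minute default servlet session timeout mentioned above.
SESSION_TIMEOUT = timedelta(minutes=30)

# Constructed sample capture: (timestamp, request line, Set-Cookie header received)
CAPTURE = [
    ("2024-01-01T10:00:00", "GET /app/login", "JSESSIONID=AAA111; Path=/app; HttpOnly"),
    ("2024-01-01T10:00:20", "POST /app/login", "JSESSIONID=BBB222; Path=/app; HttpOnly"),
    ("2024-01-01T10:05:00", "GET /app/home", ""),
    ("2024-01-01T10:50:00", "GET /app/home", "JSESSIONID=CCC333; Path=/app; HttpOnly"),
]


def jsessionid(set_cookie_header):
    """Return the JSESSIONID value carried by a Set-Cookie header, or None."""
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    morsel = jar.get("JSESSIONID")
    return morsel.value if morsel else None


def classify_changes(capture, timeout=SESSION_TIMEOUT):
    """List each point where the server issued a different session ID, and why."""
    events = []
    current = None      # session ID the client currently holds
    last_seen = None    # time of the previous request in the capture
    for stamp, request, set_cookie in capture:
        now = datetime.fromisoformat(stamp)
        issued = jsessionid(set_cookie)
        if issued and issued != current:
            if current is None:
                reason = "new session"
            elif now - last_seen > timeout:
                reason = "idle timeout exceeded"
            else:
                reason = "rotated within live session"
            events.append((request, current, issued, reason))
            current = issued
        last_seen = now
    return events


if __name__ == "__main__":
    for request, old, new, reason in classify_changes(CAPTURE):
        print(f"{request}: {old} -> {new} ({reason})")
```

A scanner that keeps replaying the first ID it saw will lose its session at every "rotated within live session" event, so it has to adopt the value from each new Set-Cookie header.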