Hi there,
I just wanted to make someone at JBoss aware of this cookie security hole posted on the server side recently. Not sure if it includes JBoss or if it has been addressed, but better to be safe than sorry
http://www.infoworld.com/articles/hn/xml/01/12/03/011203hnjavahole.xml
Cheers
J
This only applies to servlet containers based on Sun's now quite old JWS 1.1. JBoss uses third party servlet containers like Tomcat and Jetty that do not have this problem.