This content has been marked as final.
Show 3 replies
-
1. Re: jsessionid length and force
sjmenden Sep 21, 2008 9:16 PM (in response to fuligj.fuligj.indamail.hu)Not possible unless you were to recompile Tomcat, why would you need to configure the length?
-
2. Re: jsessionid length and force
fuligj.fuligj.indamail.hu Sep 22, 2008 3:04 PM (in response to fuligj.fuligj.indamail.hu)Thank You for reply!
I would like to config a stronger session id with capitals,lowercases,numbers and punctuation marks for the higher security. Is this unnecessary?
-
3. Re: jsessionid length and force
sjmenden Sep 25, 2008 10:39 PM (in response to fuligj.fuligj.indamail.hu)Length should be sufficient, I haven't seen any issues with security concerns over the actual JSESSIONID content wise, since it has a length of 32 characters, that should be plenty.