From http://tomcat.apache.org/tomcat-6.0-doc/config/manager.html :
The length of session ids created by this Manager, measured in bytes, excluding
subsequent conversion to a hexadecimal string and excluding any JVM route
information used for load balancing. The default is 16.
The validator regex in Validator.HTTPJSESSIONID should be changed from
^[A-Z0-9]{10,30}$
to
^[A-Z0-9]{10,32}$
Original issue reported on code.google.com by Alex.x86@gmail.com on 3 Sep 2012 at 7:13
Original issue reported on code.google.com by
Alex.x86@gmail.comon 3 Sep 2012 at 7:13