Tomcat5 does not retain the specific configuration of session.ser

By default, the web application published under Tomcat5, if the SESSION operation is involved, when Tomcat5 is closed or undeploy, the session.ser file will be created under the corresponding path in the Work directory to store the WebApp's session data. In the session timeout, Tomcat restarts or RE-Deploy will load the data in the file, restore the user's original session running environment. In some security sensitive applications, this may bring some hidden dangers. There is no direct option in server.xml in the Tomcat release version to disable the session data. However, according to the Tomcat5 configuration reference document, Tomcat also provides another session management mechanism. For details, please refer to this document. The specific operations are as follows: Create a XML file with WebApps, such as WebApp's Context Path for Test, then file name is Test.xml. The document content is as follows: < Store classname = "org.apache.catalina.session.filestore" /> is obvious, the SaveonRestart parameter value is false, that is, the session is not retained. There are still many properties, see documentation in details. Note that although it is not saved, the child element is essential. Put your files in the Tomcat5 installation directory / CONF / CATALINA / LOCALHOST / Path to take effect. If Tomcat5 is integrated into JBoss (JBoss3.2.5 integration tomcat5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.9), the configuration is slightly different, rename Test.xml is Context.xml, place it to webApp's web-infirectory. Tomcat 5 The following versions, I know, Tomcat 4.1.x is similar to Tomcat5 configuration, please refer to the relevant version of the document.