EAServer 4.2.3 includes a new server property to further protect against replay attacks against secure Web applications. The server property com.sybase.jaguar.server.servlet.serverCheckPeerIPForHttpSession can be true or false; the default is false. When true, EAServer binds the client IP address to each servlet authenticated session and validates subsequent requests to insure the IP address is the same.
