Re: SSLSession invalidate

2011-09-15 Thread Henry Story
@tomcat.apache.org [mailto:users-return-227483-STEVEN.J.ADAMUS=saic@tomcat.apache.org] On Behalf Of Jürgen Jakobitsch Sent: Tuesday, September 06, 2011 3:12 PM To: Tomcat Users List Subject: Re: SSLSession invalidate thanks mark, if i understand you correct, it is simply NOT possible

Re: SSLSession invalidate

2011-09-15 Thread Henry Story
@tomcat.apache.org [mailto:users-return-227483-STEVEN.J.ADAMUS=saic@tomcat.apache.org] On Behalf Of Jürgen Jakobitsch Sent: Tuesday, September 06, 2011 3:12 PM To: Tomcat Users List Subject: Re: SSLSession invalidate thanks mark, if i understand you correct, it is simply

SSLSession invalidate

2011-09-06 Thread Jürgen Jakobitsch
hi, i'm pretty sure, this question has been asked a thouthand times, but i didn't find an answer : how can access the SSLSession in a jsp or a servlet to be able to invalidate it. any pointer really appreciated wkr www.turnguard.com/turnguard -- | Jürgen Jakobitsch, | Software Developer |

Re: SSLSession invalidate

2011-09-06 Thread Chema
how can access the SSLSession in a jsp or a servlet to be able to invalidate it. Sorry, but is there any difference between to invalidate a HTTP Session and a SSLSession ? - To unsubscribe, e-mail:

Re: SSLSession invalidate

2011-09-06 Thread baran topal
Greetings from Stockholm, this is Baran Topal. As i was drinking my Guiness, i find your question interesting :) Here you go: % HttpSession s = request.getSession(false); if (s != null) s.invalidate(); % Inform me whether this is working or not :) Regards. On 6 sep 2011, at 22:09, Chema

Re: SSLSession invalidate

2011-09-06 Thread Jürgen Jakobitsch
really appreciated wkr turnguard - Original Message - From: baran topal jazziiil...@gmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Tuesday, September 6, 2011 10:57:17 PM Subject: Re: SSLSession invalidate Greetings from Stockholm, this is Baran Topal. As i was drinking my

Re: SSLSession invalidate

2011-09-06 Thread Mark Thomas
On 06/09/2011 22:42, Jürgen Jakobitsch wrote: apparently there is one, i can get it's id with request.getAttribute(javax.servlet.request.ssl_session) That is a Tomcat bug it should be javax.servlet.request.ssl_session_id in tomcat7 there's the possibility to use SSLSessionManager to

Re: SSLSession invalidate

2011-09-06 Thread Jürgen Jakobitsch
...@apache.org To: Tomcat Users List users@tomcat.apache.org Sent: Wednesday, September 7, 2011 12:08:29 AM Subject: Re: SSLSession invalidate On 06/09/2011 22:42, Jürgen Jakobitsch wrote: apparently there is one, i can get it's id with request.getAttribute(javax.servlet.request.ssl_session

RE: SSLSession invalidate

2011-09-06 Thread Adamus, Steven J.
, 2011 3:12 PM To: Tomcat Users List Subject: Re: SSLSession invalidate thanks mark, if i understand you correct, it is simply NOT possible to invalidate the SSLSession of which i can get the id with request.getAttribute(javax.servlet.request.ssl_session) (it works with this key in 6.0.32) wkr