Henrik Bentel wrote:
One of my problems is that I can't find anything in the servlet or
tomcat documentation that mentiones any of this behaviour. If there is
any, please send me the link.
Hi Henrik,
I couldn't find anything specific in the Servlet Spec, but in general
it's just not a good
my 2 cents:
encrypting session information such as encrypted urls or cookies dont
buy anything. they can be sniffed , and sent back. or worse things can
happen. Security is not cheap so forget finding an inexpensive way.
thats one big problem with open protocols, you know exactly where to
On Sat, 19 Oct 2002, Henrik Bentel wrote:
Date: Sat, 19 Oct 2002 19:08:35 +
From: Henrik Bentel [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: problem with session tracking and redirection http--- https
One of my problems is that I
On Fri, 18 Oct 2002, Maninder S Batth wrote:
Date: Fri, 18 Oct 2002 20:11:31 -0700
From: Maninder S Batth [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: problem with session tracking and redirection http--- https
if session apis
PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: problem with session tracking and redirection http--- https
yeah, I always encode the redirection URL.
it's waird that it works if the session is created which under http, but not
under https.
bug maybe?
Nope ... avoidance of a huge security
On Fri, 18 Oct 2002, Maninder S Batth wrote:
Date: Fri, 18 Oct 2002 19:28:59 -0700
From: Maninder S Batth [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: problem with session tracking and redirection http--- https
please correct me if i
]
To: Tomcat Users List [EMAIL PROTECTED]
Subject: Re: problem with session tracking and redirection http--- https
Date: Fri, 18 Oct 2002 21:48:36 -0700 (PDT)
On Fri, 18 Oct 2002, Maninder S Batth wrote:
Date: Fri, 18 Oct 2002 19:28:59 -0700
From: Maninder S Batth [EMAIL PROTECTED]
Reply-To: Tomcat
On Thu, 17 Oct 2002, Henrik Bentel wrote:
Date: Thu, 17 Oct 2002 04:45:21 +
From: Henrik Bentel [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: problem with session tracking and redirection http--- https
ok, I see your point.
My
(http or https) stays
put when redirecting.
I haven't found anything in the servlet specification that
mentiones anything about this behaviour.
From: Henrik Bentel [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: problem with session tracking
.
From: Henrik Bentel [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: problem with session tracking and redirection http--- https
Date: Thu, 17 Oct 2002 04:45:21 +
ok, I see your point.
My approach is that I only use https to scramble
PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: problem with session tracking and redirection http---
https
Date: Thu, 17 Oct 2002 04:45:21 +
ok, I see your point.
My approach is that I only use https to scramble the login request
itself, so that a login password cannot be read,or sniffed, in clear
: Maninder S Batth [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: problem with session tracking and redirection http---
https
Date: Fri, 18 Oct 2002 14:13:40 -0700
is the request method changing in redirection, for example post to
get
PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: problem with session tracking and redirection http---
https
Date: Fri, 18 Oct 2002 14:13:40 -0700
is the request method changing in redirection, for example post to
get ?? if it is, use HttpServletResponse.encodeURL()
Henrik Bentel wrote:
Another
On Fri, 18 Oct 2002, Henrik Bentel wrote:
Date: Fri, 18 Oct 2002 23:07:17 +
From: Henrik Bentel [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: problem with session tracking and redirection http--- https
yeah, I always encode
?
Craig R. McClanahan wrote:
On Fri, 18 Oct 2002, Henrik Bentel wrote:
Date: Fri, 18 Oct 2002 23:07:17 +
From: Henrik Bentel [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: problem with session tracking and redirection http--- https
yeah, I
a session gets destroyed.
-Ursprüngliche Nachricht-
Von: Henrik Bentel [mailto:[EMAIL PROTECTED]]
Gesendet: Donnerstag, 17. Oktober 2002 06:45
An: [EMAIL PROTECTED]
Betreff: Re: problem with session tracking and redirection http---
https
My approach is that I only use https to scramble
Help!
I recently tried to upgrade my version of Tomcat from 3.3 to 4.1(I also
tried 4.0). My problem is that for some reason the httpsession is lost after
redirection from https to http. I run apache in front of tomcat to handle
static content plus certificate. My webapp depend on the ability
This is the way Tomcat 4.x.x is made to work. The reason for this is
security. I think it can be assumed that you were under https for a
reason. Maybe you entered your cedit card info and are storing that in the
session until the final submit. Now, if you stayed in the same session
when
]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Subject: Re: problem with session tracking and redirection http--- https
Date: Wed, 16 Oct 2002 23:33:41 -0500
This is the way Tomcat 4.x.x is made to work. The reason for this is
security. I think it can
To: '[EMAIL PROTECTED]'
Subject: RE: Problem with session tracking. Please help
[snip]
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 02 May 2001 17:13
To: '[EMAIL PROTECTED]'
Subject:RE: Problem with session tracking. Please help
I
Hi All,
We're having a problem with session tracking.
We are using tomcat pretty much out of the box, without integrating
with apache or anything like that.
We are attaching an attribute to the session which we want (reasonably
enough) to be per session.
We are then sending requests
-- Bill K.
-Original Message-
From: Roberts Huw [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 02, 2001 3:21 AM
To: '[EMAIL PROTECTED]'
Subject: Problem with session tracking. Please help
Hi All,
We're having a problem with session tracking.
We
-Original Message-
From: William Kaufman [mailto:[EMAIL PROTECTED]]
Sent: 02 May 2001 15:02
To: '[EMAIL PROTECTED]'
Subject: RE: Problem with session tracking. Please help
1) Does your browser have cookies enabled? If not, you need
to rewrite all
your URLs, using
PROTECTED]]
Sent: Wednesday, May 02, 2001 7:24 AM
To: '[EMAIL PROTECTED]'
Subject: RE: Problem with session tracking. Please help
-Original Message-
From: William Kaufman [mailto:[EMAIL PROTECTED]]
Sent: 02 May 2001 15:02
To: '[EMAIL PROTECTED]'
Subject: RE: Problem
a lot
Huw
-Original Message-
From: William Kaufman [mailto:[EMAIL PROTECTED]]
Sent: 02 May 2001 16:10
To: '[EMAIL PROTECTED]'
Subject: RE: Problem with session tracking. Please help
Are both the servers running on the same host? This sounds
like a problem
I've run into: since
Message-
From: William Kaufman [SMTP:[EMAIL PROTECTED]]
Sent: woensdag 2 mei 2001 17:10
To: '[EMAIL PROTECTED]'
Subject:RE: Problem with session tracking. Please help
Are both the servers running on the same host? This sounds like a problem
I've run into: since cookies
To: '[EMAIL PROTECTED]'
Subject: RE: Problem with session tracking. Please help
Apologies. A misunderstanding.
I have only one tomcat server. The different machines in question
are different client machines.
Interestingly tomcat doesn't appear to be trying to put anything in
the cookie
++) { %
%=cookie[j].getName()%nbsp%=cookie[j].getValue()%br
%}%
/body
/html
Thanks,
Huw
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 02 May 2001 17:13
To: '[EMAIL PROTECTED]'
Subject: RE: Problem with session tracking. Please help
I have
Johnson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 24, 2001 10:00 AM
To: [EMAIL PROTECTED]
Subject: Re: Problem with session tracking
Set your browser to accept but warn you about all cookies. This will
give you a better idea of what's happening with isNew().
isNew() is true until
Hi there,
I'm having trouble with session tracking in a servlet in that the session always
appears to be new. When exercising the following code fragment:
HttpSession session = request.getSession();
if (session.isNew())
{
// Some stuff here
}
the isNew() call always evaluates to true. I
Undeliverable mail.
on circumstances and personal tastes as to which one you use.
sam
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, April 24, 2001 9:36 AM
Subject: Problem with session tracking
Hi there,
I'm having trouble with session tracking in a servlet in that the session
Undeliverable mail.
Undeliverable mail.
Undeliverable mail.
Undeliverable mail.
Undeliverable mail.
Undeliverable mail.
Undeliverable mail.
Undeliverable mail.
Undeliverable mail.
Sam wrote:
There is a difference between the way HttpSessions arew created and handled,
and the Cookie objetc. The cookie object creates a persistant cookie on the
clients machine. The HttpSession is just a memory cookie, and as such is
non-persistant and doesn't sit on disk.
Interesting.
Undeliverable mail.
Undeliverable mail.
loose my
using sendRedirect rather than forwarding?
sam
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, April 24, 2001 11:21 AM
Subject: Re: Problem with session tracking
Sam wrote:
There is a difference between the way HttpSessions arew created
, 2001 11:21 AM
Subject: Re: Problem with session tracking
Sam wrote:
There is a difference between the way HttpSessions arew created and
handled,
and the Cookie objetc. The cookie object creates a persistant cookie on
the
clients machine. The HttpSession is just a memory
instead and this works fine - what do you loose my
using sendRedirect rather than forwarding?
sam
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, April 24, 2001 11:21 AM
Subject: Re: Problem with session tracking
Sam wrote
forwarding?
sam
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, April 24, 2001 11:21 AM
Subject: Re: Problem with session tracking
Sam wrote:
There is a difference between the way HttpSessions arew created
]
Subject: Re: Problem with session tracking
Set your browser to accept but warn you about all cookies. This will
give you a better idea of what's happening with isNew().
isNew() is true until the browser has accepted a cookie. Your app must
send a response to the browser, and the browser must
: Tuesday, April 24, 2001 11:21 AM
Subject: Re: Problem with session tracking
Sam wrote:
There is a difference between the way HttpSessions arew created and
handled,
and the Cookie objetc. The cookie object creates a persistant cookie on
the
clients machine
[EMAIL PROTECTED] wrote:
FWIW, I'm having a similar problem. After two hours wrestling with JDB
and
a few Dr. Watson alerts, I've figured out the problem (if not the
solution):
I'm using sendRedirect() to bounce between two Tomcat instances (both
on my
own machine, on two different ports).
Undeliverable mail.
Undeliverable mail.
Hi!
I've encountered the following problem using the Session Tracking API
in Tomcat 3.1.
I use servlets (not JSP!) under the following environment:
java 1.2.2
tomcat 3.1 (servlet.jar version 2.2)
apache
For invalidating a session, in the servlet scope, I use the following code
54 matches
Mail list logo