AW: Tomcat 5 and Realm problem
Hi Frederic, you are using IE and https? I got the same error and can't find a proper solution for it. I bet you have turned of cookies in IE. Turn them on (allow session-cookies) and it will work again. Greetings Martin -Ursprüngliche Nachricht- Von: VAN DER MARLIERE FREDERIC [mailto:[EMAIL PROTECTED] Gesendet: Dienstag, 14. Dezember 2004 18:41 An: [EMAIL PROTECTED] Betreff: Tomcat 5 and Realm problem Hi, I'm developping a web app in wich I want the users to authenticate via Realm. I first used BASIC authentication méthod and everything worked fine. But when I want to use the FORM one, I get the following message when login and password are correct (if not, I get the error page I configured in web.xml): The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser My web.xml looks like: security-constraint display-name/display-name web-resource-collection web-resource-nameprotection index/web-resource-name url-pattern//url-pattern http-methodGET/http-method /web-resource-collection auth-constraint role-namemyRole/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method form-login-config form-login-page/login.jsp/form-login-page form-error-page/error.jsp/form-error-page /form-login-config /login-config security-role role-namemyRole/role-name /security-role And login.jsp looks like: html head/head body form action=j_security_check method=POST input type=text name=j_username / input type=password name=j_password / input type=submit / /form /body /html Does someone have any idea about the origin of my problem ? Thanks. Fred. Ce message et toutes les pieces jointes (ci-apres le message) sont confidentiels et etablis a l'intention exclusive de ses destinataires. Toute utilisation ou diffusion non autorisee est interdite.Tout message electronique est susceptible d'alteration. Le CREDIT DU NORD et ses filiales declinent toute responsabilite au titre de ce message s'il a ete altere, deforme ou falsifie. This message and any attachments ( the message) are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited.E-mails are susceptible to alteration. Neither CREDIT DU NORD nor any of its subsidiaries or affiliates shall be liable for the message if altered, changed or falsified. Virus checked by G DATA AntiVirusKit Version: AVK 15.0.1471 from 11.12.2004 Virus news: www.antiviruslab.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
AW: RE : Tomcat 5 and Realm problem
Hello Ben, On my System (w2k IE6) with Cookies turned off FORM based login fails even with SSL session information in IE firefox has no problem with that. :-( Martin -Ursprüngliche Nachricht- Von: Ben Souther [mailto:[EMAIL PROTECTED] Gesendet: Mittwoch, 15. Dezember 2004 17:45 An: Tomcat Users List Betreff: Re: RE : Tomcat 5 and Realm problem On Wed, 2004-12-15 at 10:44, VAN DER MARLIERE FREDERIC wrote: Not far. I do use IE and htpts. And I turned off cookies but in server.xml file. I meet to many problems when I use session cookies and none with encoded URL. Any idea of the way to use realm authentication (FORM method) with cookies turned off? If there is, it probably won't be very portable. Here's a quote from the serlet specs: SRV.12.5.3.1 Login Form Notes Form based login and URL based session tracking can be problematic to implement. Form based login should be used only when sessions are being maintained by cookies or by SSL session information. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Virus checked by G DATA AntiVirusKit Version: AVK 15.0.1471 from 11.12.2004 Virus news: www.antiviruslab.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Mysterious (I think caching) Problem with IE 6 and Form Authentication under SSL (Tomcat 5.0.x)
Hello, I have a real strange Problem with Tomcat and IE When I get forwarded to the login page of my application and enter my account data I always get the following message: HTTP Status 408 - The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser But following the instructions does always result in the same errormessage. With every other browser even InternetExplores on other Machines (same version) I can login without any Problem. I think IE caches the error page somewhere because in the logfile the login is logged as success I tried everthing delete temporary internetfiles /cookies nothing worked! Funny is, when I copy the installation to an other machine (other hostname/ip) I can login with my IE without any Problem. If someone knows something about this problem, please give me a hint! greetings Martin Grüneberg Virus checked by G DATA AntiVirusKit Version: AVK 15.0.551 from 19.10.2004 Virus news: www.antiviruslab.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Mysterious Exception while server startup
Hello, I run here a tomcat 5.0.27 server on windows 2000 with jsdk1.4.2-04. The following happens rarely and it seems only to happen when I start Tomcat in Eclipse 3 (Sysdeo 3.0.0 alpha1 plugin). After processing all contextes on startup I get sometimes the following Exception: WARNUNG: Error registering contexts java.util.ConcurrentModificationException at java.util.HashMap$HashIterator.nextEntry(HashMap.java:782) at java.util.HashMap$EntryIterator.next(HashMap.java:824) at java.util.HashMap.putAllForCreate(HashMap.java:424) at java.util.HashMap.clone(HashMap.java:656) at mx4j.server.DefaultMBeanRepository.clone(DefaultMBeanRepository.java:56) at mx4j.server.MBeanServerImpl.findMBeansByPattern(MBeanServerImpl.java:1603) at mx4j.server.MBeanServerImpl.queryObjectNames(MBeanServerImpl.java:1568) at mx4j.server.MBeanServerImpl.queryMBeans(MBeanServerImpl.java:1512) at org.apache.coyote.tomcat5.MapperListener.init(MapperListener.java:126) at org.apache.coyote.tomcat5.CoyoteConnector.start(CoyoteConnector.java:1537) at org.apache.catalina.core.StandardService.start(StandardService.java:489) at org.apache.catalina.core.StandardServer.start(StandardServer.java:2313) at org.apache.catalina.startup.Catalina.start(Catalina.java:556) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39 ) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl .java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:284) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:422) 07.07.2004 15:01:07 org.apache.catalina.startup.Catalina start INFO: Server startup in 30844 ms When it happens all Contextes are not available and when I stop and restart Tomcat with the plugin in Eclipse after this it ALWAYS happens until I restart Eclipse!. Did somebody else encounter this problem? Greetings, Martin Grüneberg Virus checked by G DATA AntiVirusKit Version: AVK 14.0.1353 from 07.07.2004 Virus news: www.antiviruslab.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
AW: Getting mad with jsp 2.0 jsp:directive.include file=file_to_include.jsp/
Thanks for the answer,
but the jsp:directive.include ... is the xml-styled version of %@ include
file=...
so this should work equaly.
Any other proposals?
martin
-Ursprüngliche Nachricht-
Von: Woodchuck [mailto:[EMAIL PROTECTED]
Gesendet: Mittwoch, 30. Juni 2004 16:23
An: Tomcat Users List
Betreff: Re: Getting mad with jsp 2.0 jsp:directive.include
file=file_to_include.jsp/
hi Martin,
can you try to use the compile-time include like the following:
%@ include file=/jsp/ascript.jsp%
instead of the run-time include that you are currently using? that is
why it is complaining about double importing.
if you use compile-time include then you do not need to import in your
ascript.jsp
woodchuck
--- Martin_Gr|neberg [EMAIL PROTECTED] wrote:
Hello, hope somebody knows whats going on here...
I have a main.jsp with the following start..
?xml version=1.0 encoding=utf-8?
jsp:root version=2.0 xmlns:jsp=http://java.sun.com/JSP/Page;
xmlns=http://www.w3.org/1999/xhtml;
xmlns:c=http://java.sun.com/jsp/jstl/core;
xmlns:fn=http://java.sun.com/jsp/jstl/functions;
xmlns:html=/WEB-INF/struts-html-el.tld
xmlns:am=/WEB-INF/AccessManager2.tld
xmlns:bean=/WEB-INF/struts-bean-el.tld
jsp:output doctype-root-element=html
doctype-public=-//W3C//DTD XHTML 1.0 Transitional//EN
doctype-system=http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;
/
jsp:directive.page contentType=text/html; charset=utf-8
language=java
/
html:html locale=true xhtml=true
head
html:base/
titlebean:message key=login.title//title
c:url value=/css/style.css var=link
/c:url
link rel=stylesheet href=${fn:escapeXml(link)}
type=text/css/
jsp:directive.include file=/jsp/ascript.jsp/
/head
the /jsp/ascript.jsp looks like that:
script type=text/javascript
var newWindow;
function openInsertWindow()
{
c:url value=/messdatenPreloadAction.do var=link
c:param name=operation value=insertDataset/
/c:url
newWindow =
window.open(${fn:escapeXml(link)},_blank,resizable=yes,scrollbars=yes,w
idth=800,height=600,status=yes);
}
...
ok, now the problem:
when i call the jsp tomcat (jasper) throws the following exception:
org.apache.jasper.JasperException: /jsp/ascript.jsp(9,33) The
attribute
prefix fn does not correspond to any imported tag library
I thought ok, and added the same declaration to the /jsp/ascript.jsp
include
file like in the main.jsp:
?xml version=1.0 encoding=utf-8?
jsp:root version=2.0 xmlns:jsp=http://java.sun.com/JSP/Page;
xmlns=http://www.w3.org/1999/xhtml;
xmlns:c=http://java.sun.com/jsp/jstl/core;
xmlns:fn=http://java.sun.com/jsp/jstl/functions;
xmlns:html=/WEB-INF/struts-html-el.tld
xmlns:am=/WEB-INF/AccessManager2.tld
xmlns:bean=/WEB-INF/struts-bean-el.tld
script type=text/javascript
var newWindow;
function openInsertWindow()
{
c:url value=/messdatenPreloadAction.do var=link
c:param name=operation value=insertDataset/
/c:url
newWindow =
window.open(${fn:escapeXml(link)},_blank,resizable=yes,scrollbars=yes,w
idth=800,height=600,status=yes);
}
...
but then i got the exception:
org.apache.jasper.JasperException: h3Validation error messages from
TagLibraryValidator for c/h3pnull:
org.xml.sax.SAXParseException: Attribute bean bound to namespace
http://www.w3.org/2000/xmlns/; was already
specified for element jsp:root./p
ok, this seems to be logical to me, because it is alredy declared in
main.jsp.
What can i do to fix this, to get the taglib known in the include but
not
double import it???
thanks in advance
Martin Gr|neberg
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
__
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Getting mad with jsp 2.0 jsp:directive.include file=file_to_include.jsp/
Hello, hope somebody knows whats going on here...
I have a main.jsp with the following start..
?xml version=1.0 encoding=utf-8?
jsp:root version=2.0 xmlns:jsp=http://java.sun.com/JSP/Page;
xmlns=http://www.w3.org/1999/xhtml;
xmlns:c=http://java.sun.com/jsp/jstl/core;
xmlns:fn=http://java.sun.com/jsp/jstl/functions;
xmlns:html=/WEB-INF/struts-html-el.tld
xmlns:am=/WEB-INF/AccessManager2.tld
xmlns:bean=/WEB-INF/struts-bean-el.tld
jsp:output doctype-root-element=html
doctype-public=-//W3C//DTD XHTML 1.0 Transitional//EN
doctype-system=http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; /
jsp:directive.page contentType=text/html; charset=utf-8 language=java
/
html:html locale=true xhtml=true
head
html:base/
titlebean:message key=login.title//title
c:url value=/css/style.css var=link
/c:url
link rel=stylesheet href=${fn:escapeXml(link)} type=text/css/
jsp:directive.include file=/jsp/ascript.jsp/
/head
the /jsp/ascript.jsp looks like that:
script type=text/javascript
var newWindow;
function openInsertWindow()
{
c:url value=/messdatenPreloadAction.do var=link
c:param name=operation value=insertDataset/
/c:url
newWindow =
window.open(${fn:escapeXml(link)},_blank,resizable=yes,scrollbars=yes,w
idth=800,height=600,status=yes);
}
...
ok, now the problem:
when i call the jsp tomcat (jasper) throws the following exception:
org.apache.jasper.JasperException: /jsp/ascript.jsp(9,33) The attribute
prefix fn does not correspond to any imported tag library
I thought ok, and added the same declaration to the /jsp/ascript.jsp include
file like in the main.jsp:
?xml version=1.0 encoding=utf-8?
jsp:root version=2.0 xmlns:jsp=http://java.sun.com/JSP/Page;
xmlns=http://www.w3.org/1999/xhtml;
xmlns:c=http://java.sun.com/jsp/jstl/core;
xmlns:fn=http://java.sun.com/jsp/jstl/functions;
xmlns:html=/WEB-INF/struts-html-el.tld
xmlns:am=/WEB-INF/AccessManager2.tld
xmlns:bean=/WEB-INF/struts-bean-el.tld
script type=text/javascript
var newWindow;
function openInsertWindow()
{
c:url value=/messdatenPreloadAction.do var=link
c:param name=operation value=insertDataset/
/c:url
newWindow =
window.open(${fn:escapeXml(link)},_blank,resizable=yes,scrollbars=yes,w
idth=800,height=600,status=yes);
}
...
but then i got the exception:
org.apache.jasper.JasperException: h3Validation error messages from
TagLibraryValidator for c/h3pnull:
org.xml.sax.SAXParseException: Attribute bean bound to namespace
http://www.w3.org/2000/xmlns/; was already
specified for element jsp:root./p
ok, this seems to be logical to me, because it is alredy declared in
main.jsp.
What can i do to fix this, to get the taglib known in the include but not
double import it???
thanks in advance
Martin Grüneberg
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Question on Container Managed Authorization in Tomcat
Hello togehter, I have a question on Container Managed Authorization in Tomcat. I read the actual ServletSpec but could not find a clear answer to my problem. Did I understand the Servlet Spec SRV.12.5.3.1 right that when I use FORM Authentication my 'auth-lifetime' is tied to my session so I have to logon again when the session expired or when I call session.invalidate()to perform a logout? Is it also right that when I use one of the other Auth-Methods (BASIC, DIGEST...) the Authentication is not bound to my session lifetime? When so, how can I perform an explicit logout for those Methods? How could I tie session-lifetime and auth-lifetime together in all Auth-Methods? greetings Martin Grüneberg - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
register/remove HttpSessionListener after context startup?
Hi all, Is it possible to register/remove a class which implements HttpSessionListener after startup without changing web.xml and reloading the context? Martin Grüneberg - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
GlobalNamingResource: Class not found....
Hi together, I have a problem with the definition of a GlobalNamingResource. I tried to follow the instructions of the http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jndi-resources-howto.html bur it will not work... What I want is the following: I will have a shared Instance of a class which I define in server.xml My Enviroment is: win2000SP4 with jsdk1.4.2 tomcat4.1.27/24 Server.xml looks like this GlobalNamingResources !-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -- Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved / ResourceParams name=UserDatabase parameter namefactory/name valueorg.apache.catalina.users.MemoryUserDatabaseFactory/value /parameter parameter namepathname/name valueconf/tomcat-users.xml/value /parameter /ResourceParams Resource name=app/accessmanager auth=Container type=accessmanager.core.server.AccessManager / ResourceParams name=app/accessmanager parameter namefactory/name valueorg.apache.naming.factory.BeanFactory/value /parameter parameter nameconfigPath/name valueE:/dev/apache/Tomcat-4.1.24/shared/classes/AccessManager.properties/ value /parameter /ResourceParams /GlobalNamingResources in my web.xml I have an entry: resource-ref descriptionObject factory for MyBean instances./description res-ref-nameapp/accessmanager/res-ref-name res-typeaccessmanager.core.server.AccessManager/res-type res-authContainer/res-auth /resource-ref The jar file with the classes are in shared/libs (accessmanager.jar). When I start tomcat I always get the following Exception: 06.10.2003 17:52:37 org.apache.commons.modeler.Registry loadRegistry INFO: Loading registry information 06.10.2003 17:52:37 org.apache.commons.modeler.Registry getRegistry INFO: Creating new Registry instance 06.10.2003 17:52:37 org.apache.commons.modeler.Registry getServer INFO: Creating MBeanServer 06.10.2003 17:52:38 org.apache.coyote.http11.Http11Protocol init INFO: Initializing Coyote HTTP/1.1 on port 80 06.10.2003 17:52:38 org.apache.coyote.http11.Http11Protocol init INFO: Initializing Coyote HTTP/1.1 on port 443 GlobalResourcesLifecycleListener: Naming exception processing app: org.apache.naming.NamingContext:[EMAIL PROTECTED] javax.naming.NamingException: Class not found: accessmanager.core.server.AccessManager Starting service Tomcat-Standalone Apache Tomcat/4.1.27-LE-jdk14 what is wrong, why does this happen? shared/lib should be visible to the server? thanks in advance, Martin Grüneberg - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Problems with Property Files
Hi all, I have build a Package (jar) which should be used from different Contexts. I put the jar in the shared/lib/ folder from Tomcat and the classes are found by Tomcat. The Package needs for proper initialisation 2 .properties files (log4j.properties and an application specific one) I put these Property Files in the Jar but Tomcat ignore them (tried also to put them into shared/classes). During developing (Eclipse) the Property Files are always found when they are in the Classpath... Where do I have to put the Property Files to be found by my Package? thanks in advance, Martin Grüneberg - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Logging Error in org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler processConnection
Hallo together, i have mystery errormessage. The scenario is: I develop a struts webapplication with eclipse 2.1.1 (WAST Tomcat plugin) struts uses common-logging and my backend programm uses log4j. When i start the application in eclipse with the WAST i can test my application. after a clicking a while and wait a short time (ca. 1 minute) i often get the following error message when clicking again on any link. 17.09.2003 12:30:43 org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler processConnection SCHWERWIEGEND: Error reading request, ignored org.apache.commons.logging.LogConfigurationException: org.apache.commons.logging.LogConfigurationException: org.apache.commons.logging.LogConfigurationException: Class org.apache.commons.logging.impl.Log4JCategoryLog does not implement Log at org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.ja va:532) at org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.ja va:272) at org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.ja va:246) at org.apache.commons.logging.LogFactory.getLog(LogFactory.java:395) at org.apache.tomcat.util.net.jsse.JSSESupport.init(JSSESupport.java:87) at org.apache.tomcat.util.net.jsse.JSSE14Support.init(JSSE14Support.java:99) at org.apache.tomcat.util.net.jsse.JSSE14Factory.getSSLSupport(JSSE14Factory.ja va:84) at org.apache.tomcat.util.net.jsse.JSSEImplementation.getSSLSupport(JSSEImpleme ntation.java:118) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConne ction(Http11Protocol.java:385) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav a:619) at java.lang.Thread.run(Thread.java:534) Caused by: org.apache.commons.logging.LogConfigurationException: org.apache.commons.logging.LogConfigurationException: Class org.apache.commons.logging.impl.Log4JCategoryLog does not implement Log at org.apache.commons.logging.impl.LogFactoryImpl.getLogConstructor(LogFactoryI mpl.java:416) at org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.ja va:525) ... 11 more Caused by: org.apache.commons.logging.LogConfigurationException: Class org.apache.commons.logging.impl.Log4JCategoryLog does not implement Log at org.apache.commons.logging.impl.LogFactoryImpl.getLogConstructor(LogFactoryI mpl.java:412) ... 12 more I don't know how I can fix this. I already tried all different Logger configurations for the commons Logging in commons-logging.properties. I hope somebody knows the answer. Greetings, Martin Grüneberg - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Re: Is there nobody who could help me with my session problem?
First of all thank you Kief and Jrg for your answers. Ok, I am a beginner in webserver konfiguration and do not much know about "virtual hosting" and webserver things. I configured Tomcat with SSL like it is explained in the Doku. Because I will use Tomcat in a standalone configuration I changed the http Port to 80 and uncomment the connector for SSL on port 443. In my application a user will have a "shopping-basket" (my english is very bad :-( ) which is stored in the users session. When he will by the things in the basket the connection is changed from http to https. But when the session gets lost on changing protokoll and port, how will I get the session of the user? Do I have to implement my own sessionmanagment? (using PathInfo or so???) Another stupid question: Is it possible to configure http and https on the same port? Martin Jrg Ahrens wrote: Kief Morris wrote: Martin Grneberg typed the following on 01:42 AM 1/17/2001 +0100 Because cookies are disabled in many browsers, I prefere sessionmangment with urlrewriting. (server.xml -- noCookies) On normal http requests the sessionmanagment make a good job. But changing to a safe https SSL connection for sensitive data the session is lost and a new session is created. Every time I reload this (https) page a new session is returned!?? Tomcat won't add the session ID to a URL if the port numbers don't match, which they won't when you're moving from HTTP to HTTPS. If you reload the same URL, which doesn't have a session ID in it, and don't accept cookies, you aren't sending a session ID to Tomcat, so it has to generate a new session every time. Nope. The only thing I can think of, other than submitting a patch so Tomcat doesn't use the port number to determine whether a URL should be rewritten (I'm not sure whether such a patch would be accepted), is to to manually put the ID into the URL yourself. The Servlet Spec (2.3) says: A servlet context can not be shared across virtual hosts. But there is no definition for "virtual host". Using URL rewriting, it is up to tomcat, to define this. If tomcat is running standalone, this may be possible. Running as a backend for a webserver, it is not possible. Using cookies, it is up to the browser, to define the term "virtual host" as the browser stores the cookies for a host. As you might have expected different browsers take different decisions in this example: https://nohost.nowhere.net/... https://nohost.nowhere.net:443/... Netscape (at least running on linux) stores two cookies for two different hosts whereas IE (not on linux) uses the same cookie for both URLs. It should be left to the tomcat administrator, to define which ports belong to the same virtual host. Jrg - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Sessionmanagement with SSL and DISABLED cookies?
Tomcat 3.2.1 standalone with SSL on JDK1.3 Win2K
I use the builtin sessionmanagment (session=request.getSession(true);) in a
small shopapp.
Because cookies are disabled in many browsers, I prefere
sessionmangment with urlrewriting. (server.xml -- noCookies)
On normal http requests the sessionmanagment make a good job but changing to
a
safe https SSL connection for sensitive data the session is lost and a new
session is
created. Every time I reload this (https) page a new session is returned!??
Is this a problem of the https protokoll is urlrewriting under https
impossible?
Is there a workaround to use the sessions without turning on cookies under
https?
Is there for example a way to manualy pass the sessionID and get the user
session like this:
session.getSession("sessionID");
need your help,
Martin
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
Is there nobody who could help me with my session problem?
Again my problem is:
Tomcat 3.2.1 standalone with SSL on JDK1.3 Win2K
I use the builtin ServletAPI - sessionmanagment
[session=request.getSession(true);]
in a small shopapp.
Because cookies are disabled in many browsers, I prefere
sessionmangment with urlrewriting. (server.xml -- noCookies)
On normal http requests the sessionmanagment make a good job.
But changing to a safe https SSL connection for sensitive data the session
is lost and a new session is created. Every time I reload this (https) page
a new session is returned!??
It seems to me that Tomcat can not rewrite the URL to safe the sessionID.
Is this a problem of the https protokoll is urlrewriting under https
impossible?
Is there a workaround to use the sessions without turning on cookies under
https?
Is there for example a way to manualy pass the sessionID and get the user
session like this:
session.getSession("sessionID");
need your help,
Martin
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
