RE: SSL Session expires every request
Hi Chuck!!! Thanks for your help!! The problem is solved :) I don't know what was the problem, but it is somewhere in my web application. I discovered that when I try to create a new web application, with the same basic configurations. In my new web application the session is maintained and everything works fine!! Thanks any away :-) Regards from Braga, Portugal Bárbara Vieira -Original Message- From: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Sent: sábado, 1 de Dezembro de 2007 18:46 To: Tomcat Users List Subject: RE: SSL Session expires every request > From: Bárbara Vieira [mailto:[EMAIL PROTECTED] > Subject: RE: SSL Session expires every request > > However, when the user is authenticated using a CERT, > all the sessions are null : HttpSession in Servlets and > Session(Internal Session) in my Valve. The info is interesting, but you didn't answer my question: > > How are you retrieving the session? A code sample would be good. Note that the Servlet API spec indicates that HttpServletRequest.getSession() should be called prior to committing the response; are you complying with that? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: SSL Session expires every request
> From: Bárbara Vieira [mailto:[EMAIL PROTECTED] > Subject: RE: SSL Session expires every request > > However, when the user is authenticated using a CERT, > all the sessions are null : HttpSession in Servlets and > Session(Internal Session) in my Valve. The info is interesting, but you didn't answer my question: > > How are you retrieving the session? A code sample would be good. Note that the Servlet API spec indicates that HttpServletRequest.getSession() should be called prior to committing the response; are you complying with that? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: SSL Session expires every request
Hi Chuck! That's what I'm doing : - I had implemented a valve that extends FormAuthenticator to provide 2 authentications methods at the same time : FORM and CLIENT_CERT. - Until this week everything worked fine : I can authenticate the users with 2 authentications methods, and the session is maintained. Yesterday, when I try to accede to HttpSession in Servlets, what's happen was: when the user is authenticated using FORM method, HttpSession isn't null in servlets, neither internal session(Session) in valve. However, when the user is authenticated using a CERT, all the sessions are null : HttpSession in Servlets and Session(Internal Session) in my Valve. - Well, I thought that the problem was in my valve, so I disable my valve, and in my web application I configured only one authentication method - CLIENT_CERT. However, the HttpSession was still null. - The strange thing is that everything works fine - I can authenticate the user using CLIENT_CERT method, and retrieve to him the requested URL and I have access to Principal in the HttpServletRequest object. But, when there is no session. - I had checked if the browsers accept cookies too, and it accepts. Do you have any idea of what's happen?! Thanks, Regards from Braga, Portugal Bárbara Vieira -Original Message- From: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Sent: sábado, 1 de Dezembro de 2007 00:30 To: Tomcat Users List Subject: RE: SSL Session expires every request > From: Bárbara Vieira [mailto:[EMAIL PROTECTED] > Subject: RE: SSL Session expires every request > > HttpSession wasn't null in the beginning, when I started > my implementation. However, now is null in every request. How are you retrieving the session? A code sample would be good. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL Session expires every request
Vimal Kumar wrote: > I think you mistook for somebody elese Chuck Charles No he hasn't. Chuck, as usual, is spot on. To expand a little on his post: 1. Read this: http://wiki.apache.org/tomcat/FAQ/Tomcat_User 2. In particular read this link: http://www.catb.org/~esr/faqs/smart-questions.html 3. Try Google. 4. Don't hijack threads. At the risk of boring those on the list that have seen this a thousand times before... When starting a new thread (ie sending a message to the list about a new topic) please do not reply to an existing message. This is known as thread hijacking and to many of the list archiving services and mail clients used by list subscribers this makes your new message appear as part of the old thread. This makes it harder for other users to find relevant information when searching the lists. It should also be noted that many list subscribers automatically ignore any messages that hijack another thread. The correct procedure is to create a new message with a new subject. This will start a new thread. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: SSL Session expires every request
> From: Bárbara Vieira [mailto:[EMAIL PROTECTED] > Subject: RE: SSL Session expires every request > > HttpSession wasn't null in the beginning, when I started > my implementation. However, now is null in every request. How are you retrieving the session? A code sample would be good. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: SSL Session expires every request
This is the first time I am ever asking a question, coz I just got registered here now. I think you mistook for somebody elese Chuck Charles Vimal Message Received: Nov 30 2007, 11:58 PM From: "Caldarale, Charles R" <[EMAIL PROTECTED]> To: "Tomcat Users List" Cc: Subject: RE: SSL Session expires every request > From: Vimal Kumar [mailto:[EMAIL PROTECTED] > Subject: RE: SSL Session expires every request > > Do u know how to configure PHP 5.2.5 on Tomcat 6.0. Please > let me know about it. Now you've become really annoying - you've hijacked threads, asked the same question multiple times, and apparently haven't bothered to do any research on your own. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: SSL Session expires every request
Hi Martin! I'm using 2 connectors : non-SSL HTTP/1.1 Connector on port 8080 and SSL HTTP/1.1 Connector on port 8443. Tomcat's connectors are very well configured, because HttpSession wasn't null in the beginning, when I started my implementation. However, now is null in every request. I can authenticate the client, and the request has a principal that is not null. But session is strangely null. -Original Message- From: Martin Gainty [mailto:[EMAIL PROTECTED] Sent: sexta-feira, 30 de Novembro de 2007 23:07 To: Tomcat Users List Subject: Re: SSL Session expires every request Barbara Filip asks if you are using non SSL HTTP/1.1 HTTPConnector ***or*** SSL HTTP/1.1 Connector (presumably with Client certs) ? M-- - Original Message - From: "Filip Hanik - Dev Lists" <[EMAIL PROTECTED]> To: "Tomcat Users List" Sent: Friday, November 30, 2007 2:16 PM Subject: Re: SSL Session expires every request > what session are you talking about, the HTTP session or the actual SSL > session? > > Filip > > Bárbara Vieira wrote: > > > > > > Hi there!! > > > > I have a problem with SSL Session in Tomcat. Im using CLIENT_CERT > > authentication to authenticate users in my web application. But, the session > > expires at every request, in all browsers : Opera, IE, Firefox and > > Netscape. This is not make any sense, and I dont know solve this problem L > > > > If somebody can help, I really appreciate that. > > > > > > > > Thanks for everything, > > > > Regards from Braga, Portugal > > > > Bárbara Vieira > > > > > > > > > > > > > > > > No virus found in this incoming message. > > Checked by AVG Free Edition. > > Version: 7.5.503 / Virus Database: 269.16.10/1160 - Release Date: 11/29/2007 8:32 PM > > > > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: SSL Session expires every request
> From: Vimal Kumar [mailto:[EMAIL PROTECTED] > Subject: RE: SSL Session expires every request > > Do u know how to configure PHP 5.2.5 on Tomcat 6.0. Please > let me know about it. Now you've become really annoying - you've hijacked threads, asked the same question multiple times, and apparently haven't bothered to do any research on your own. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: SSL Session expires every request
Hello, Do u know how to configure PHP 5.2.5 on Tomcat 6.0. Please let me know about it. Vimal Message Received: Nov 30 2007, 11:27 PM From: "Bárbara Vieira" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" Cc: Subject: RE: SSL Session expires every request Hi carlo!! Yes, it validates the certs. The certs are valid :) When the application is running all pages are showed( all pages are protected - under ssl), but when I test if HttpSession in the HttpServletRequest exists, it is null. -Original Message- From: Carlo Politi [mailto:[EMAIL PROTECTED] Sent: sexta-feira, 30 de Novembro de 2007 18:47 To: Tomcat Users List Subject: Re: SSL Session expires every request but the certs are valids? - Messaggio originale - Da: Bárbara Vieira <[EMAIL PROTECTED]> A: Tomcat Users List Inviato: Venerdì 30 novembre 2007, 18:22:32 Oggetto: SSL Session expires every request Hi there!! I have a problem with SSL Session in Tomcat. I’m using CLIENT_CERT authentication to authenticate users in my web application. But, the session expires at every request, in all browsers : Opera, IE, Firefox and Netscape. This is not make any sense, and I don’t know solve this problem L If somebody can help, I really appreciate that. Thanks for everything, Regards from Braga, Portugal Bárbara Vieira ___ Yahoo! Messenger with Voice: chiama da PC a telefono a tariffe esclusive http://it.messenger.yahoo.com - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL Session expires every request
Barbara Filip asks if you are using non SSL HTTP/1.1 HTTPConnector ***or*** SSL HTTP/1.1 Connector (presumably with Client certs) ? M-- - Original Message - From: "Filip Hanik - Dev Lists" <[EMAIL PROTECTED]> To: "Tomcat Users List" Sent: Friday, November 30, 2007 2:16 PM Subject: Re: SSL Session expires every request > what session are you talking about, the HTTP session or the actual SSL > session? > > Filip > > Bárbara Vieira wrote: > > > > > > Hi there!! > > > > I have a problem with SSL Session in Tomcat. I’m using CLIENT_CERT > > authentication to authenticate users in my web application. But, the session > > expires at every request, in all browsers : Opera, IE, Firefox and > > Netscape. This is not make any sense, and I don’t know solve this problem L > > > > If somebody can help, I really appreciate that. > > > > > > > > Thanks for everything, > > > > Regards from Braga, Portugal > > > > Bárbara Vieira > > > > > > > > > > > > > > > > No virus found in this incoming message. > > Checked by AVG Free Edition. > > Version: 7.5.503 / Virus Database: 269.16.10/1160 - Release Date: 11/29/2007 8:32 PM > > > > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: SSL Session expires every request
I have this problem with all my web applications. It already worked. But now isn't working and I need to know how to solve the problem. I'll try almost everything: install a new Tomcat, remove additional configurations in web applications, etc. But nothing works. -Original Message- From: Carlo Politi [mailto:[EMAIL PROTECTED] Sent: sexta-feira, 30 de Novembro de 2007 22:31 To: Tomcat Users List Subject: Re: SSL Session expires every request m very strange behaviour but have you had this strange thing only with a particular application or with all? - Messaggio originale - Da: Bárbara Vieira <[EMAIL PROTECTED]> A: Tomcat Users List Inviato: Venerdì 30 novembre 2007, 23:26:39 Oggetto: RE: SSL Session expires every request Hi carlo!! Yes, it validates the certs. The certs are valid :) When the application is running all pages are showed( all pages are protected - under ssl), but when I test if HttpSession in the HttpServletRequest exists, it is null. ___ Yahoo! Mail: gratis 1GB per i messaggi e allegati da 10MB http://mail.yahoo.it - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL Session expires every request
in my thesis i worked with SSL and mutual authentication between Apache HTTP Server and Tomcat. I didn't use Client-cert and i was able to access to HTTPServletRequest - Messaggio originale - Da: Bárbara Vieira <[EMAIL PROTECTED]> A: Tomcat Users List Inviato: Venerdì 30 novembre 2007, 23:28:01 Oggetto: RE: SSL Session expires every request I'm talking about HTTPSession. I think that I cannot accede to SSL session from HTTPServletRequest. -Original Message- From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] Sent: sexta-feira, 30 de Novembro de 2007 19:16 To: Tomcat Users List Subject: Re: SSL Session expires every request what session are you talking about, the HTTP session or the actual SSL session? Filip Bárbara Vieira wrote: > > > Hi there!! > > I have a problem with SSL Session in Tomcat. I’m using CLIENT_CERT > authentication to authenticate users in my web application. But, the session > expires at every request, in all browsers : Opera, IE, Firefox and > Netscape. This is not make any sense, and I don’t know solve this problem L > > If somebody can help, I really appreciate that. > > > > Thanks for everything, > > Regards from Braga, Portugal > > Bárbara Vieira > > > > > > > > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.5.503 / Virus Database: 269.16.10/1160 - Release Date: 11/29/2007 8:32 PM > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] ___ L'email della prossima generazione? Puoi averla con la nuova Yahoo! Mail: http://it.docs.yahoo.com/nowyoucan.html
Re: SSL Session expires every request
m very strange behaviour but have you had this strange thing only with a particular application or with all? - Messaggio originale - Da: Bárbara Vieira <[EMAIL PROTECTED]> A: Tomcat Users List Inviato: Venerdì 30 novembre 2007, 23:26:39 Oggetto: RE: SSL Session expires every request Hi carlo!! Yes, it validates the certs. The certs are valid :) When the application is running all pages are showed( all pages are protected - under ssl), but when I test if HttpSession in the HttpServletRequest exists, it is null. ___ Yahoo! Mail: gratis 1GB per i messaggi e allegati da 10MB http://mail.yahoo.it
RE: SSL Session expires every request
I'm talking about HTTPSession. I think that I cannot accede to SSL session from HTTPServletRequest. -Original Message- From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] Sent: sexta-feira, 30 de Novembro de 2007 19:16 To: Tomcat Users List Subject: Re: SSL Session expires every request what session are you talking about, the HTTP session or the actual SSL session? Filip Bárbara Vieira wrote: > > > Hi there!! > > I have a problem with SSL Session in Tomcat. Im using CLIENT_CERT > authentication to authenticate users in my web application. But, the session > expires at every request, in all browsers : Opera, IE, Firefox and > Netscape. This is not make any sense, and I dont know solve this problem L > > If somebody can help, I really appreciate that. > > > > Thanks for everything, > > Regards from Braga, Portugal > > Bárbara Vieira > > > > > > > > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.5.503 / Virus Database: 269.16.10/1160 - Release Date: 11/29/2007 8:32 PM > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: SSL Session expires every request
Hi carlo!! Yes, it validates the certs. The certs are valid :) When the application is running all pages are showed( all pages are protected - under ssl), but when I test if HttpSession in the HttpServletRequest exists, it is null. -Original Message- From: Carlo Politi [mailto:[EMAIL PROTECTED] Sent: sexta-feira, 30 de Novembro de 2007 18:47 To: Tomcat Users List Subject: Re: SSL Session expires every request but the certs are valids? - Messaggio originale - Da: Bárbara Vieira <[EMAIL PROTECTED]> A: Tomcat Users List Inviato: Venerdì 30 novembre 2007, 18:22:32 Oggetto: SSL Session expires every request Hi there!! I have a problem with SSL Session in Tomcat. I’m using CLIENT_CERT authentication to authenticate users in my web application. But, the session expires at every request, in all browsers : Opera, IE, Firefox and Netscape. This is not make any sense, and I don’t know solve this problem L If somebody can help, I really appreciate that. Thanks for everything, Regards from Braga, Portugal Bárbara Vieira ___ Yahoo! Messenger with Voice: chiama da PC a telefono a tariffe esclusive http://it.messenger.yahoo.com - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: SSL Session expires every request
Hi Martin! is 2.(2 minutes). I believe that's not the problem, because CLIENT_CERT authentication already worked with session-timeout = 2. -Original Message- From: Martin Gainty [mailto:[EMAIL PROTECTED] Sent: sexta-feira, 30 de Novembro de 2007 18:37 To: Tomcat Users List Subject: Re: SSL Session expires every request which value is session-timeout assgined to in web.xml? M-- - Original Message - From: "Bárbara Vieira" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" Sent: Friday, November 30, 2007 12:22 PM Subject: SSL Session expires every request Hi there!! I have a problem with SSL Session in Tomcat. I'm using CLIENT_CERT authentication to authenticate users in my web application. But, the session expires at every request, in all browsers : Opera, IE, Firefox and Netscape. This is not make any sense, and I don't know solve this problem L If somebody can help, I really appreciate that. Thanks for everything, Regards from Braga, Portugal Bárbara Vieira - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL Session expires every request
what session are you talking about, the HTTP session or the actual SSL session? Filip Bárbara Vieira wrote: Hi there!! I have a problem with SSL Session in Tomcat. I’m using CLIENT_CERT authentication to authenticate users in my web application. But, the session expires at every request, in all browsers : Opera, IE, Firefox and Netscape. This is not make any sense, and I don’t know solve this problem L If somebody can help, I really appreciate that. Thanks for everything, Regards from Braga, Portugal Bárbara Vieira No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: 269.16.10/1160 - Release Date: 11/29/2007 8:32 PM - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL Session expires every request
but the certs are valids? - Messaggio originale - Da: Bárbara Vieira <[EMAIL PROTECTED]> A: Tomcat Users List Inviato: Venerdì 30 novembre 2007, 18:22:32 Oggetto: SSL Session expires every request Hi there!! I have a problem with SSL Session in Tomcat. I’m using CLIENT_CERT authentication to authenticate users in my web application. But, the session expires at every request, in all browsers : Opera, IE, Firefox and Netscape. This is not make any sense, and I don’t know solve this problem L If somebody can help, I really appreciate that. Thanks for everything, Regards from Braga, Portugal Bárbara Vieira ___ Yahoo! Messenger with Voice: chiama da PC a telefono a tariffe esclusive http://it.messenger.yahoo.com
Re: SSL Session expires every request
which value is session-timeout assgined to in web.xml? M-- - Original Message - From: "Bárbara Vieira" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" Sent: Friday, November 30, 2007 12:22 PM Subject: SSL Session expires every request Hi there!! I have a problem with SSL Session in Tomcat. I'm using CLIENT_CERT authentication to authenticate users in my web application. But, the session expires at every request, in all browsers : Opera, IE, Firefox and Netscape. This is not make any sense, and I don't know solve this problem L If somebody can help, I really appreciate that. Thanks for everything, Regards from Braga, Portugal Bárbara Vieira - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
