Are you simply trying to test it or planning for production?
For production, I think it would be good to place Apache with https in front as a
reverse proxy. In case of testing, did you check what your Catalina log says?
Many Thanks,
Dhruv
Sent from my iPad
On Dec 3, 2011, at 11:48 PM, Pankaj
Hello Everyone,
I am trying to configure SSL on Tomcat 6 and want to run my localhost on
https. I have created a self signed certificate and provided the same in
Tomcat's server.xml
After starting the server, using netstat I can see that port 8443 is in
listening mode but https://localhost:8443 i
Your link contains the same solution which Dhruv had suggested
- abandoning the current cookie and adding a new cookie in the response.
And this won't redirect to a login page, as code itself will delete the
cookie, generate a new cookie and allow the user to log into the
application by redirectin
Hi All,
Thanks for your suggestion and sorry for the late reply! :)
@Dhruv
What do you mean by destroying the cookie? Is it like adding a custom
cookie and not the default ASP.NET_SessionId?
@Deepayan
I have forwarded your link to C# fix of the attack. Will update if that
works.
@Pankaj
I also
And the funny part is, the solution contains the same code which I mentioned
with comments "destroy the session".
Many Thanks,
Dhruv
On Dec 3, 2011, at 10:27 PM, Pankaj Upadhyay wrote:
> Your link contains the same solution which Dhruv had suggested - abandoning
> the curre