On Mon, Nov 2, 2009 at 5:03 AM, Pid p...@pidster.com wrote:
On 02/11/2009 10:06, S Arvind wrote:
Hi Tomcat developers,
Bascially my requirement is ability to control the session
sharing in browser. Till now we maintained each application as differnet
context but pointing to same
, 2009 at 1:00 AM, Sam Gendler sgend...@vid.me wrote:
That looks like it will work, but it doesn't explain why the connector
would think port 80 was appropriate. I could see port 8090 showing up, but
given that the scheme is https and there was no port number in the request,
surely it should have
? It just seems
like a bug to me. It does look like proxyPort can be used to force it to
443, though, so that will work.
On Tue, Oct 13, 2009 at 12:19 AM, Peter Crowther
peter.crowt...@melandra.com wrote:
2009/10/13 Sam Gendler sgend...@vid.me:
That method uses
request.getScheme(), to retrieve
No. That is by design. The session ID is almost as valuable as the
password. If you need SSL to protect the password, you should use SSL to
protect the session ID.
Well, that's fairly application specific, but the argument has also been
done to death elsewhere. Workaround is already in
[quickie synopsis]
A request arriving on a connector configured for scheme=https and with
secure=true is generating absolute redirect urls with scheme=https and port
= 80 (https://localhost:80/path.html) because incoming request was on 443
and didn't have an explicit port in the Host header.
at
the incorrect default of 80 when no port is specified in the url.
On Mon, Oct 12, 2009 at 9:59 PM, Sam Gendler sgend...@vid.me wrote:
[quickie synopsis]
A request arriving on a connector configured for scheme=https and with
secure=true is generating absolute redirect urls with scheme=https