Tomcat 8.0.30 silently transforms 302 into 404

2016-01-28 Thread Thomas Scheffler
Hi, it seems that Tomcat 8.0.30 silently transforms a redirect response into a not-found response. https://bz.apache.org/bugzilla/show_bug.cgi?id=56917 introduces redirect to relative URLs. Before 8.0.30 a redirect URL string was simply returned to the client. Now it has to be a valid URI

Re: ids of all active sessions

2016-01-18 Thread Thomas Scheffler
On 18.01.16 at 09:35, Kaouthar Ghorbel wrote: Hello everyone, I want to retrieve the ids of all active sessions in the servlet. Thanks for your help :) Hi Kaouthar, look for the HttpSessionListener and collect that information on your own:

Re: Tomcat 8.0.30 Session lost

2016-01-13 Thread Thomas Scheffler
On 12.01.16 at 13:24, Mark Thomas wrote: On 12/01/2016 11:06, Thomas Scheffler wrote: On 11.01.16 at 22:05, Mark Thomas wrote: Found on http://www.tomcatexpert.com/blog/2011/04/25/session-fixation-protection the description how to switch the "feature" off. I will file two

Re: Tomcat 8.0.30 Session lost

2016-01-13 Thread Thomas Scheffler
On 13.01.16 at 15:48, Christopher Schultz wrote: Thomas, On 1/13/16 8:31 AM, Thomas Scheffler wrote: On 12.01.16 at 13:24, Mark Thomas wrote: On 12/01/2016 11:06, Thomas Scheffler wrote: On 11.01.16 at 22:05, Mark Thomas wrote: Found on http://www.tomcatexpert.com/blog/2011/04/25

Re: Tomcat 8.0.30 Session lost

2016-01-12 Thread Thomas Scheffler
On 12.01.16 at 13:24, Mark Thomas wrote: On 12/01/2016 11:06, Thomas Scheffler wrote: On 11.01.16 at 22:05, Mark Thomas wrote: Found on http://www.tomcatexpert.com/blog/2011/04/25/session-fixation-protection the description how to switch the "feature" off. I will file two

Re: Tomcat 8.0.30 Session lost

2016-01-12 Thread Thomas Scheffler
On 11.01.16 at 22:05, Mark Thomas wrote: Found on http://www.tomcatexpert.com/blog/2011/04/25/session-fixation-protection the description how to switch the "feature" off. I will file two bugs soon describing the issues I had. Hopefully they will be fixed. 1.) if using

Re: Tomcat 8.0.30 Session lost

2016-01-12 Thread Thomas Scheffler
On 12.01.16 at 14:41, Mark Thomas wrote: 1.) are not required, as every request belonging to the same session is already authenticated. After login(), other requests of the same session will not return 'null' on getRemoteUser() or getUserPrincipal() 2.) are not required, as authenticate() use

Re: Tomcat 8.0.30 Session lost

2016-01-11 Thread Thomas Scheffler
On 08.01.16 at 17:02, Christopher Schultz wrote: Tomcat will change the session identifier when the user authenticates. If you are creating a session before login, you'll see that the session id changes when authentication is successful. This is to protect against session-fixation attacks. I
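The two behaviours discussed in this thread and in the "ids of all active sessions" thread above fit together in one piece of code: a listener that keeps its own set of active session ids (the approach suggested to Kaouthar) only stays correct if it also handles Tomcat's session-fixation protection, which swaps the id on successful authentication. The following is an added example written for this page, not code posted by anyone in the thread and not part of Tomcat; it assumes the Servlet 3.1 API that Tomcat 8 implements (HttpSessionIdListener is what makes the id change observable), container-managed authentication via HttpServletRequest.login(), and a hypothetical /login endpoint with username and password form parameters. The two classes are shown together for readability; in a real project each goes in its own source file.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebListener;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionIdListener;
import javax.servlet.http.HttpSessionListener;

/**
 * Tracks the ids of all currently active sessions.
 *
 * Implementing HttpSessionIdListener as well as HttpSessionListener matters:
 * when Tomcat's session-fixation protection (changeSessionIdOnAuthentication)
 * or an explicit request.changeSessionId() replaces the id, sessionDestroyed()
 * is NOT called, so a listener that only watches create/destroy would keep the
 * stale id and never learn the new one.
 */
@WebListener
public class ActiveSessionTracker implements HttpSessionListener, HttpSessionIdListener {

    // Concurrent set: listener callbacks run on arbitrary request threads.
    private static final Set<String> ACTIVE_IDS = ConcurrentHashMap.newKeySet();

    @Override
    public void sessionCreated(HttpSessionEvent se) {
        ACTIVE_IDS.add(se.getSession().getId());
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent se) {
        // Fired on invalidate() and on timeout.
        ACTIVE_IDS.remove(se.getSession().getId());
    }

    @Override
    public void sessionIdChanged(HttpSessionEvent se, String oldSessionId) {
        // Same session object, new id: drop the old id, record the new one.
        ACTIVE_IDS.remove(oldSessionId);
        ACTIVE_IDS.add(se.getSession().getId());
    }

    /** Read-only view for administrative code; never expose this to end users. */
    public static Set<String> activeSessionIds() {
        return Collections.unmodifiableSet(ACTIVE_IDS);
    }

    public static int activeSessionCount() {
        return ACTIVE_IDS.size();
    }
}

/**
 * Hypothetical login endpoint (assumption: not from the thread) showing the
 * id change that the listener above has to follow. The session is created
 * before login() on purpose, which is exactly the case the thread describes.
 */
@WebServlet("/login")
public class LoginServlet extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        HttpSession session = req.getSession(true);
        String idBeforeLogin = session.getId();
        try {
            // Container authentication against the configured Realm.
            req.login(req.getParameter("username"), req.getParameter("password"));
        } catch (ServletException e) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        String idAfterLogin = req.getSession(false).getId();

        // Session ids are bearer credentials: log only whether the id changed
        // and how many sessions exist, never the ids themselves.
        resp.setContentType("text/plain");
        resp.getWriter().println("user=" + req.getRemoteUser());
        resp.getWriter().println("sessionIdRotated=" + !idBeforeLogin.equals(idAfterLogin));
        resp.getWriter().println("activeSessions=" + ActiveSessionTracker.activeSessionCount());
    }
}
```

With Tomcat's default settings, the response shows sessionIdRotated=true and the tracker still holds exactly one id for the logged-in session; with the fixation protection switched off as discussed in the thread, the id stays the same and sessionIdChanged() is never invoked. The JSESSIONID cookie returned with the login response carries the new id, so a client that still sends the old one (for example a second request issued before the login response was processed, as André Warnier describes above) will be treated as having no session.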

Re: Tomcat 8.0.30 Session lost

2016-01-11 Thread Thomas Scheffler
On 11.01.16 at 12:21, André Warnier (tomcat) wrote: So the solution in your case is to make sure, in your application logic, that the first unauthenticated request would be totally processed by the server, and the response processed by the client, before the client sends a second request. If

Tomcat 8.0.30 Session lost

2016-01-08 Thread Thomas Scheffler
Hi, I have a very rare problem regarding session handling. It is reproducible only on a single server environment. Of course this is the production server. I use container authentication and for simplicity 'tomcat-user.xml'. Login is done via the HttpServletRequest.login() method, whenever I

Re: Tomcat 8.0.30 Session lost

2016-01-08 Thread Thomas Scheffler
On 08.01.16 at 11:43, Olaf Kock wrote: Is there any chance that the first and correctly authenticated cookies (despite the debug output "secure=false") are https-only cookies and won't get transmitted in http, thus triggering new sessions? E.g. any chance they get rewritten at another level

Re: Tomcat 8.0.30 Session lost

2016-01-08 Thread Thomas Scheffler
On 08.01.16 at 14:03, André Warnier (tomcat) wrote: Hi Thomas. It is a bit difficult to figure out where the problem really is, without having the full picture of what is going on (your web.xml configuration, the order and precise timing in which requests really happen etc.). But one thing I

Tomcat 8.0.5 and web resource cache

2014-04-10 Thread Thomas Scheffler
Hi, I recently noticed that Tomcat 8.0.5 does not invalidate cache entries for web resources. Here are the steps to reproduce: 1. make /foo.html available through a jar file - META-INF/resources/foo.html 2. Open foo.html in your browser 3. Add a new file foo.html inside your webapp

Tomcat 8 ClassLoader

2014-02-10 Thread Thomas Scheffler
Hi, I noticed an incompatibility after testing my web application with Tomcat 8 RC5 and Tomcat 8.0.1. I allow users of my web application to configure the web application with external configuration. This is also where the user is allowed to specify additional libraries to load into the web

Re: Tomcat 8 ClassLoader

2014-02-10 Thread Thomas Scheffler
On 10.02.2014 12:58, Mark Thomas wrote: On 10/02/2014 10:58, Thomas Scheffler wrote: Hi, I noticed an incompatibility after testing my web application with Tomcat 8 RC5 and Tomcat 8.0.1. I allow users of my web application to configure the web application with external configuration

Re: Tomcat 8 ClassLoader

2014-02-10 Thread Thomas Scheffler
On 10.02.2014 14:43, Mark Thomas wrote: On 10/02/2014 12:59, Thomas Scheffler wrote: On 10.02.2014 12:58, Mark Thomas wrote: On 10/02/2014 10:58, Thomas Scheffler wrote: Hi, I noticed an incompatibility after testing my web application with Tomcat 8 RC5 and Tomcat 8.0.1. I allow users