Hi,
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Thursday, June 19, 2014 5:40 PM
I haven't followed all of this discussion, but as for deleting a
Cookie, I think the problem is that there isn't an explicit
Delete-Cookie header; but
HTTP/1.1 302 Found
Set-Cookie: JSESSIONIDSSO=
CF7B7727443A3AAD1AC3AA033E4D98BE; Expires=Thu, 01-Jan-1970 00:00:10 GMT
(...)
I filed this issue into bugzilla:
https://issues.apache.org/bugzilla/show_bug.cgi?id=5
Best regards,
Konstantin Kolinko
Krishna Meduri -X (radmedur - HCL TECHNOLOGIES LIMITED at Cisco)
Sent: Thursday, June 19, 2014 7:47 PM
To: Tomcat Users List
Subject: RE: Regarding JSESSIONIDSSO Cookie maintained by tomcat
Ofcourse, I am not waiting :-)
-Original Message-
From: Christopher Schultz [mailto:ch
maintained by tomcat
Hi,
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Wednesday, June 18, 2014 4:23 PM
To: Tomcat Users List
Subject: Re: Regarding JSESSIONIDSSO Cookie maintained by tomcat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Radha,
On 6/19/14, 6:32 AM, Radha Krishna Meduri -X (radmedur - HCL
TECHNOLOGIES LIMITED at Cisco) wrote:
Thanks Konstantin. This is what I am asking in my very first mail.
Why can't we empty the value in case Cookie is expired.
Konstantin
Ofcourse, I am not waiting :-)
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Thursday, June 19, 2014 7:44 PM
To: Tomcat Users List
Subject: Re: Regarding JSESSIONIDSSO Cookie maintained by tomcat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
JSESSIONIDSSO Cookie maintained by tomcat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256
Konstantin,
On 6/18/14, 5:34 AM, Konstantin Kolinko wrote:
2014-06-18 11:57 GMT+04:00 Konstantin Kolinko
knst.koli...@gmail.com:
HTTP/1.1 302 Found Set-Cookie:
JSESSIONIDSSO
Hi Tomcat Users,
We are using Tomcat 6.0.37 version. I have few questions regarding
JSESSIONIDSSO cookie generated by tomcat.
As you know, in general each cookie needs to set httpOnly and Secure flags.
I understand both JSESSIONID and JSESSIONIDSSO cookies are maintained by Tomcat
for session
2014-06-18 10:45 GMT+04:00 Radha Krishna Meduri -X (radmedur - HCL
TECHNOLOGIES LIMITED at Cisco) radme...@cisco.com:
Hi Tomcat Users,
We are using Tomcat 6.0.37 version. I have few questions regarding
JSESSIONIDSSO cookie generated by tomcat.
As you know, in general each cookie needs to set
through MitM as the JSESSIONIDSSO cookie value is present.
What do you think?
-Original Message-
From: Konstantin Kolinko [mailto:knst.koli...@gmail.com]
Sent: Wednesday, June 18, 2014 1:27 PM
To: Tomcat Users List
Subject: Re: Regarding JSESSIONIDSSO Cookie maintained by tomcat
2014-06-18 10
2014-06-18 12:13 GMT+04:00 Radha Krishna Meduri -X (radmedur - HCL
TECHNOLOGIES LIMITED at Cisco) radme...@cisco.com:
Thanks Konstantin for your quick reply.
Actually Security Scanners are thinking that secure and httpOnly flag is
not set and raising as issue. I would like to set these values
2014-06-18 11:57 GMT+04:00 Konstantin Kolinko knst.koli...@gmail.com:
HTTP/1.1 302 Found
Set-Cookie: JSESSIONIDSSO=CF7B7727443A3AAD1AC3AA033E4D98BE; Expires=Thu,
01-Jan-1970 00:00:10 GMT
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Set-Cookie:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Konstantin,
On 6/18/14, 5:34 AM, Konstantin Kolinko wrote:
2014-06-18 11:57 GMT+04:00 Konstantin Kolinko
knst.koli...@gmail.com:
HTTP/1.1 302 Found Set-Cookie:
JSESSIONIDSSO=CF7B7727443A3AAD1AC3AA033E4D98BE; Expires=Thu,
01-Jan-1970 00:00:10
Hi,
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Wednesday, June 18, 2014 4:23 PM
To: Tomcat Users List
Subject: Re: Regarding JSESSIONIDSSO Cookie maintained by tomcat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Konstantin
14 matches
Mail list logo