On 16/10/2010 13:55, Juliano Daloia de Carvalho wrote:
> yes Pid, we can say that is a kind of encryption.
What do you gain by encrypting the session id?
> do you know which is the first tomcat class that receives the client request?
>
> do you know which is the last tomcat class that is used be
: Tomcat Users List
Enviadas: Sábado, 16 de Outubro de 2010 4:01:23
Assunto: Re: Res: Res: JSESSIONID Cookie handle customizing
So you want encrypt the session id?
p
On 15 Oct 2010, at 17:33, Juliano Daloia de Carvalho
wrote:
> I need to change the value of the sessionID. If I let this to be d
to login page.
>
>
>
>
> - Mensagem original
> De: Pid
> Para: Tomcat Users List
> Enviadas: Sexta-feira, 15 de Outubro de 2010 13:19:54
> Assunto: Re: Res: JSESSIONID Cookie handle customizing
>
> On 15/10/2010 17:02, Juliano Daloia de Carvalho wrote:
>> I
Enviadas: Sexta-feira, 15 de Outubro de 2010 15:55:27
Assunto: Re: Res: JSESSIONID Cookie handle customizing
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mark,
On 10/15/2010 2:50 PM, Mark Thomas wrote:
> On 15/10/2010 19:44, Christopher Schultz wrote:
>> This can be done with a Valve, bu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mark,
On 10/15/2010 2:50 PM, Mark Thomas wrote:
> On 15/10/2010 19:44, Christopher Schultz wrote:
>> This can be done with a Valve, but I'm not exactly sure how to insert a
>> Valve before the authentication valve, which is (I think) what you'd
>> hav
On 15/10/2010 19:44, Christopher Schultz wrote:
> This can be done with a Valve, but I'm not exactly sure how to insert a
> Valve before the authentication valve, which is (I think) what you'd
> have to do.
Option 1. Auth Valves are on the Context so define Your valve on the
Host or Engine.
Optio
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Pid,
On 10/15/2010 12:19 PM, Pid wrote:
> On 15/10/2010 17:02, Juliano Daloia de Carvalho wrote:
>> I'll inject code using an agent.
>>
>> The thing is that I need to know for sure the message entering point on
>> Tomcat,
>> and the leaving point a
> From: Juliano Daloia de Carvalho [mailto:judac2...@yahoo.com.br]
> Subject: Res: Res: Res: JSESSIONID Cookie handle customizing
> I want to create one little class that handle on the
> server side the cookie information that can come on
> the header, make a preprocessing wh
message from
the
client and the last one before send it to the client.
Tks
Juliano
- Mensagem original
De: Mark Thomas
Para: Tomcat Users List
Enviadas: Sexta-feira, 15 de Outubro de 2010 13:56:07
Assunto: Re: Res: Res: JSESSIONID Cookie handle customizing
On 15/10/2010 17:47
On 15/10/2010 17:47, Juliano Daloia de Carvalho wrote:
> Chuck, I can't say explicit why I need to use this info on the session. but
> is
> related with security issues.
>
> and you are right, is much more plausible to make this as you said, but I
> can't afford to do that.
If you need to con
9146-4645
--
- Mensagem original
De: "Caldarale, Charles R"
Para: Tomcat Users List
Enviadas: Sexta-feira, 15 de Outubro de 2010 13:37:12
Assunto: RE: Res: JSESSIONID Cookie handle customizing
> From: Juliano Daloia de Carvalho [mailto:judac2...@yahoo.
> From: Juliano Daloia de Carvalho [mailto:judac2...@yahoo.com.br]
> Subject: Res: Res: JSESSIONID Cookie handle customizing
> I need to change the value of the sessionID.
Why? Using a separate parameter or cookie to hold your specific additional
information would seem to be a
13:19:54
Assunto: Re: Res: JSESSIONID Cookie handle customizing
On 15/10/2010 17:02, Juliano Daloia de Carvalho wrote:
> I'll inject code using an agent.
>
> The thing is that I need to know for sure the message entering point on
> Tomcat,
>
> and the leaving point also,
On 15/10/2010 17:02, Juliano Daloia de Carvalho wrote:
> I'll inject code using an agent.
>
> The thing is that I need to know for sure the message entering point on
> Tomcat,
> and the leaving point also, so I can be able to sniff if the clients message
> has
> the Cookie info with JSESSIONID
I'll inject code using an agent.
The thing is that I need to know for sure the message entering point on Tomcat,
and the leaving point also, so I can be able to sniff if the clients message
has
the Cookie info with JSESSIONID= or not. and before sending to check if tomcat
sent set-cookie on he
15 matches
Mail list logo