Re: Res: Res: Res: JSESSIONID Cookie handle customizing

2010-10-16 Thread Pid
On 16/10/2010 13:55, Juliano Daloia de Carvalho wrote: > yes Pid, we can say that is a kind of encryption. What do you gain by encrypting the session id? > do you know which is the first tomcat class that receives the client request? > > do you know which is the last tomcat class that is used be

Res: Res: Res: JSESSIONID Cookie handle customizing

2010-10-16 Thread Juliano Daloia de Carvalho
: Tomcat Users List Enviadas: Sábado, 16 de Outubro de 2010 4:01:23 Assunto: Re: Res: Res: JSESSIONID Cookie handle customizing So you want encrypt the session id? p On 15 Oct 2010, at 17:33, Juliano Daloia de Carvalho wrote: > I need to change the value of the sessionID. If I let this to be d

Re: Res: Res: JSESSIONID Cookie handle customizing

2010-10-16 Thread Pid *
to login page. > > > > > - Mensagem original > De: Pid > Para: Tomcat Users List > Enviadas: Sexta-feira, 15 de Outubro de 2010 13:19:54 > Assunto: Re: Res: JSESSIONID Cookie handle customizing > > On 15/10/2010 17:02, Juliano Daloia de Carvalho wrote: >> I

Res: Res: JSESSIONID Cookie handle customizing

2010-10-15 Thread Juliano Daloia de Carvalho
Enviadas: Sexta-feira, 15 de Outubro de 2010 15:55:27 Assunto: Re: Res: JSESSIONID Cookie handle customizing -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark, On 10/15/2010 2:50 PM, Mark Thomas wrote: > On 15/10/2010 19:44, Christopher Schultz wrote: >> This can be done with a Valve, bu

Re: Res: JSESSIONID Cookie handle customizing

2010-10-15 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark, On 10/15/2010 2:50 PM, Mark Thomas wrote: > On 15/10/2010 19:44, Christopher Schultz wrote: >> This can be done with a Valve, but I'm not exactly sure how to insert a >> Valve before the authentication valve, which is (I think) what you'd >> hav

Re: Res: JSESSIONID Cookie handle customizing

2010-10-15 Thread Mark Thomas
On 15/10/2010 19:44, Christopher Schultz wrote: > This can be done with a Valve, but I'm not exactly sure how to insert a > Valve before the authentication valve, which is (I think) what you'd > have to do. Option 1. Auth Valves are on the Context so define Your valve on the Host or Engine. Optio

Re: Res: JSESSIONID Cookie handle customizing

2010-10-15 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Pid, On 10/15/2010 12:19 PM, Pid wrote: > On 15/10/2010 17:02, Juliano Daloia de Carvalho wrote: >> I'll inject code using an agent. >> >> The thing is that I need to know for sure the message entering point on >> Tomcat, >> and the leaving point a

RE: Res: Res: JSESSIONID Cookie handle customizing

2010-10-15 Thread Caldarale, Charles R
> From: Juliano Daloia de Carvalho [mailto:judac2...@yahoo.com.br] > Subject: Res: Res: Res: JSESSIONID Cookie handle customizing > I want to create one little class that handle on the > server side the cookie information that can come on > the header, make a preprocessing wh

Res: Res: Res: JSESSIONID Cookie handle customizing

2010-10-15 Thread Juliano Daloia de Carvalho
message from the client and the last one before send it to the client. Tks Juliano - Mensagem original De: Mark Thomas Para: Tomcat Users List Enviadas: Sexta-feira, 15 de Outubro de 2010 13:56:07 Assunto: Re: Res: Res: JSESSIONID Cookie handle customizing On 15/10/2010 17:47

Re: Res: Res: JSESSIONID Cookie handle customizing

2010-10-15 Thread Mark Thomas
On 15/10/2010 17:47, Juliano Daloia de Carvalho wrote: > Chuck, I can't say explicit why I need to use this info on the session. but > is > related with security issues. > > and you are right, is much more plausible to make this as you said, but I > can't afford to do that. If you need to con

Res: Res: JSESSIONID Cookie handle customizing

2010-10-15 Thread Juliano Daloia de Carvalho
9146-4645 -- - Mensagem original De: "Caldarale, Charles R" Para: Tomcat Users List Enviadas: Sexta-feira, 15 de Outubro de 2010 13:37:12 Assunto: RE: Res: JSESSIONID Cookie handle customizing > From: Juliano Daloia de Carvalho [mailto:judac2...@yahoo.

RE: Res: JSESSIONID Cookie handle customizing

2010-10-15 Thread Caldarale, Charles R
> From: Juliano Daloia de Carvalho [mailto:judac2...@yahoo.com.br] > Subject: Res: Res: JSESSIONID Cookie handle customizing > I need to change the value of the sessionID. Why? Using a separate parameter or cookie to hold your specific additional information would seem to be a

Res: Res: JSESSIONID Cookie handle customizing

2010-10-15 Thread Juliano Daloia de Carvalho
13:19:54 Assunto: Re: Res: JSESSIONID Cookie handle customizing On 15/10/2010 17:02, Juliano Daloia de Carvalho wrote: > I'll inject code using an agent. > > The thing is that I need to know for sure the message entering point on > Tomcat, > > and the leaving point also,

Re: Res: JSESSIONID Cookie handle customizing

2010-10-15 Thread Pid
On 15/10/2010 17:02, Juliano Daloia de Carvalho wrote: > I'll inject code using an agent. > > The thing is that I need to know for sure the message entering point on > Tomcat, > and the leaving point also, so I can be able to sniff if the clients message > has > the Cookie info with JSESSIONID

Res: JSESSIONID Cookie handle customizing

2010-10-15 Thread Juliano Daloia de Carvalho
I'll inject code using an agent. The thing is that I need to know for sure the message entering point on Tomcat, and the leaving point also, so I can be able to sniff if the clients message has the Cookie info with JSESSIONID= or not. and before sending to check if tomcat sent set-cookie on he