I have a scenario right now I need help with.
My Tomcat is configured for SSL, client certificate authorization and
Certificate Revocation List checking (all outside certificates).
We have a scenario (we've found in testing) where we do a transaction
in our application, then the user pulls his
On 13/02/2013 18:49, Will Nordmeyer wrote:
I have a scenario right now I need help with.
My Tomcat is configured for SSL, client certificate authorization and
Certificate Revocation List checking (all outside certificates).
We have a scenario (we've found in testing) where we do a
@tomcat.apache.org]
On Behalf Of Mark Thomas
Sent: Wednesday, February 13, 2013 11:36 AM
To: Tomcat Users List
Subject: Re: SSL Session Caching
On 13/02/2013 18:49, Will Nordmeyer wrote:
I have a scenario right now I need help with.
My Tomcat is configured for SSL, client certificate authorization
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Steven,
On 2/13/13 3:01 PM, Adamus, Steven J. wrote:
Nothing is going on. When the smartcard is removed, nothing goes
across the wire, so how could Tomcat possibly invalidate the
session?
!!?
OP reports that a new SmartCard is being inserted
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Subject: Re: SSL Session Caching
OP reports that a new SmartCard is being inserted and either the old
session persists (and the new user is allowed to masquerade as the old
user) or the new user is not authenticated but still
Will Nordmeyer wrote:
I have a scenario right now I need help with.
My Tomcat is configured for SSL, client certificate authorization and
Certificate Revocation List checking (all outside certificates).
We have a scenario (we've found in testing) where we do a transaction
in our application,