On 24/09/12 19:50, Christopher Schultz wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Brian,
On 9/23/12 5:46 AM, Brian Burch wrote:
However, in the case where the client is not using cookies (my
test disables them for its Context), there does not appear to be a
way for the server to communicate the new jsessionid value to the
client.
How does the client get the session id in the first place if there
aren't any cookies?
Sorry to suck you into this topic... unless it really interests you!
I explained at the start of this thread that I was writing a new unit
test case to replicate bz53584. I was having trouble making it
demonstrate Mark's fix, so I knew I had introduced a new failure mode -
I just didn't understand it.
I am not nit-picking for every single corner case, but I want to expand
the unit test case set for the FormsAuthenticator to include bz53584,
but also any fairly plausible variants of it.
I hope you will find the general answer to your question in my
continuing discussion with Mark on this thread.
However, if I understand you correctly, the answer (within the context
of TestFormAuthenticator) is that the (junit) client gets the initial
jsessionid by screen-scraping the j_security_check FORM's action
parameter, which has been encoded by the
/examples/jsp/security/protected/login.jsp.
You should repeat that process for every response
you get from the server.
You are correct. Once I understood what was going wrong with my
prototype test case, I clarified my understanding with Mark's help and
more research. The new version of the test is obliged to screen-scrape
the new jsessionid value out of subsequent server responses, which are
properly encoded by index.jsp.
Thanks for prompting me to explain. This thread might turn out to be
useful in future, and I don't want to leave red herrings (mine, at
least) lying about.
Regards,
Brian
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iEYEARECAAYFAlBgq30ACgkQ9CaO5/Lv0PD1EgCgjtt4+YUdhQZUL6ti+SoEnR0j
TnYAnjWacJEwnYNtVqqJiydaJSmsiXu2
=W12C
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org