Hi!
>> 1.) Which mod should I use?
> mod_proxy (is a supporting library in apache, which I think you need to
> load in order to use mod_proxy_ajp or mod_proxy_xyzanything).
The advantage seems to be, that it's easier to configure.
>> 2.) How to join application and SSL session?
>> I've read in an old tomcat-apache-ssl documentation [5] that mod_jk is
>> able to forward SSL session information to tomcat. So I wonder, how
>> configure tomcat using ssl session as application session.
>
> If you are front ending with apache, then you want mod_ssl. If you are
> using mod_ssl it will handle the SSL session.
Yes of cause... You're right...
> The AJP protocol will convery the SSL information to tomcat fairly
> seamlessly, the idea being from the web-app's point of view it can't
> tell the difference between an Apache fronted HTTP session and one
> coming in via a AJP connector.
You mean, that the session will be created by apache not by tomcat?
> The AJP protocol is not secure from traffic snooping or secure again
> pirate connections hijacking it directly, if you intend to run both on
> the same machine I suggesting making Tomcat listen on 127.0.0.1:8007.
Yes, that is, what I'm going to do.
My problem is, that the application session (set by cookie or url
parameter) is not associated with the SSL session. And I hope, there is
an easy way to that.
Thanks a lot,
Michael
--
Michael Decker [EMAIL PROTECTED]
TESIS SYSware GmbH http://www.tesis.de
Baierbrunnerstr. 15 * 81379 Muenchen * Tel. +49 89 747377-0
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
