Hi! >> 1.) Which mod should I use? > mod_proxy (is a supporting library in apache, which I think you need to > load in order to use mod_proxy_ajp or mod_proxy_xyzanything).
The advantage seems to be, that it's easier to configure. >> 2.) How to join application and SSL session? >> I've read in an old tomcat-apache-ssl documentation [5] that mod_jk is >> able to forward SSL session information to tomcat. So I wonder, how >> configure tomcat using ssl session as application session. > > If you are front ending with apache, then you want mod_ssl. If you are > using mod_ssl it will handle the SSL session. Yes of cause... You're right... > The AJP protocol will convery the SSL information to tomcat fairly > seamlessly, the idea being from the web-app's point of view it can't > tell the difference between an Apache fronted HTTP session and one > coming in via a AJP connector. You mean, that the session will be created by apache not by tomcat? > The AJP protocol is not secure from traffic snooping or secure again > pirate connections hijacking it directly, if you intend to run both on > the same machine I suggesting making Tomcat listen on 127.0.0.1:8007. Yes, that is, what I'm going to do. My problem is, that the application session (set by cookie or url parameter) is not associated with the SSL session. And I hope, there is an easy way to that. Thanks a lot, Michael -- Michael Decker [EMAIL PROTECTED] TESIS SYSware GmbH http://www.tesis.de Baierbrunnerstr. 15 * 81379 Muenchen * Tel. +49 89 747377-0 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]