-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hardy,

On 9/3/15 12:52 PM, Pottinger, Hardy J. wrote:
> Hi, I'm trying to disable session-fixation-attack protection on
> our test server, and I've added the following valve to both my 
> application's context-fragment file, as well as the main
> context.xml file:
> 
> <Valve 
> className="org.apache.catalina.authenticator.BasicAuthenticator" 
> changeSessionIdOnAuthentication="false" alwaysUseSession="true"/>

Are you actually using HTTP Basic authentication? You may be configuring
the wrong authenticator. (I know nothing about Shibboleth).

> However, after several Tomcat restarts, I can still see the
> session cookie change after authentication.
> 
> I'm wondering if perhaps the problem is that this isn't Tomcat 
> authentication, but HTTPD authentication, via the Shibboleth
> module on Apache.

Perhaps, but Tomcat is always the arbiter of your session identifier.
Are you even using an authenticator in Tomcat? What does your
<auth-method> in web.xml say?

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJV6HzCAAoJEBzwKT+lPKRY03cQAI0jlkvH+bLotz3wFo895a4v
7a+AsrP7zpIErjC5oMMzRXwqpXbxkBX93Yc7h5xH08iW3KeqmPAz2R3SF1BTmbsW
1julPHxo1VDc00siTNflWgxHk3JHn/OD08YlUolVLYxAEgoCj8oZ/m8wmWyNAkmX
LuW23mr32l+QmPvFWQbwlaQzt4uGrt2f1nq24wWP3ZZ+NhoZLhFyEqYVnq2KQ7PS
gyvRjnhGZJ+EuVyL8N3rna0yTyKVHIrh9amTduOx1XwC85+3QLvQDhpIFjVSAm3L
Bbpoi81rHnZHVfGNO6HGf2oJRmCJAg3s1iLbY2gTG5PsXUtu4PoKTaMUHPJbKS43
BhoTacODdsa0IdGeDlFX3vjUfGMYh7ymo+a43FscOLsbMyZJAZRjAFD26oHislcb
RYaYYIRseXHir65NxlDn/lvdFNllqOJtcBXKB2kFZlDPNUcuizR17bZV6BzJi0bG
iQWej2JbYSfOKHLCd9mkQO7iI9eklwNXHxyoAPFP2aSP6Hu5hispKtckO2Pu3UOW
VqEsH929MD9XMCe/wea0WxW+JmQDFmFZZxHDYfGisJ1v5wSKStjH6mNZZR1tmCpm
tPIJDcgUB4ag2k+pkzs35QVYBgaXRbh3S2/XMlXHoMhzSZd+ciPPGa96Zll2TEZR
puMLQsH0udM3ptXfWDBR
=6J0h
-----END PGP SIGNATURE-----
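The point Chris makes is that Tomcat, not httpd, owns the session identifier. When authentication happens outside Tomcat (for instance httpd with the Shibboleth module passing the user to Tomcat), the application can make session-id rotation explicit instead of relying on which authenticator valve is configured. The following servlet filter is an added example, not code from this thread or from Tomcat itself; it assumes Servlet 3.1 or later (Tomcat 8+) for HttpServletRequest.changeSessionId(), and the filter name and the session attribute name are hypothetical.

```java
// Added example (not from the thread): rotate the session id the first time a
// request arrives on a session with an authenticated principal, whatever set it
// (Tomcat's own authenticator, or the front-end web server via the connector).
// Assumes Servlet 3.1+ (Tomcat 8+) for HttpServletRequest.changeSessionId().
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

@WebFilter("/*")
public class SessionRotationFilter implements Filter {
    // Hypothetical attribute name: records the principal for which this
    // session's id was last rotated, so rotation happens once per login.
    private static final String ROTATED_FOR = "sessionRotation.principal";

    @Override
    public void init(FilterConfig cfg) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        // Principal as seen by the container; null while unauthenticated.
        String user = http.getRemoteUser();
        // Do not create a session here: an anonymous request gets no session
        // from this filter, which keeps pre-authentication ids short-lived.
        HttpSession session = http.getSession(false);

        if (session != null) {
            Object rotatedFor = session.getAttribute(ROTATED_FOR);
            if (user != null && !user.equals(rotatedFor)) {
                // First authenticated request for this principal on this
                // session: issue a fresh id so an id obtained (or planted)
                // before login is no longer associated with the logged-in user.
                String oldId = session.getId();
                String newId = http.changeSessionId();
                session.setAttribute(ROTATED_FOR, user);
                http.getServletContext().log(
                        "session id rotated for " + user + ": " + oldId + " -> " + newId);
            } else if (user == null && rotatedFor != null) {
                // Principal disappeared (logout without invalidation): forget the
                // marker so the next login, even as the same user, rotates again.
                session.removeAttribute(ROTATED_FOR);
            }
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

With this filter in place the Set-Cookie for a new JSESSIONID appears on the first request that carries a principal, which is also a convenient place to log the old and new ids when investigating whether the rotation is coming from Tomcat's authenticator or from something in front of it.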
