On 13/04/2023 23:03, Kevin Huntly wrote:
Hello, With this filter enabled in Tomcat's web.xml:<filter> <filter-name>httpHeaderSecurity</filter-name> <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class> <async-supported>true</async-supported> </filter> My sessions are being immediately lost. If I comment out the filter, everythis is fine. What does this filter actually do,
https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/filters/HttpHeaderSecurityFilter.java
and is it required if the front-end webserver already handles hsts?
That depends on why you added the filter. What features were you trying to enable?
Mark
________________________________________________ Kevin Huntly Email: kmhun...@gmail.com Cell: 716/424-3311 ________________________________________________ -----BEGIN GEEK CODE BLOCK----- Version: 1.0 GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E--- W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+) PGP++(+++) t+ 5-- X-- R+ tv+ b++ DI++ D++ G++ e(+) h--- r+++ y+++* ------END GEEK CODE BLOCK------
--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
