On 13/04/2023 23:03, Kevin Huntly wrote:
Hello,
With this filter enabled in Tomcat's web.xml:
<filter>
<filter-name>httpHeaderSecurity</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<async-supported>true</async-supported>
</filter>
My sessions are being immediately lost. If I comment out the filter,
everythis is fine. What does this filter actually do,
https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/filters/HttpHeaderSecurityFilter.java
and is it required if
the front-end webserver already handles hsts?
That depends on why you added the filter. What features were you trying
to enable?
Mark
________________________________________________
Kevin Huntly
Email: kmhun...@gmail.com
Cell: 716/424-3311
________________________________________________
-----BEGIN GEEK CODE BLOCK-----
Version: 1.0
GCS/IT d+ s a C++ UL+++$ P+(++) L+++ E---
W+++ N+ o K(+) w--- O- M-- V-- PS+ PE Y(+)
PGP++(+++) t+ 5-- X-- R+ tv+ b++ DI++ D++
G++ e(+) h--- r+++ y+++*
------END GEEK CODE BLOCK------
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org