Hi Chuck! That's what I'm doing : - I had implemented a valve that extends FormAuthenticator to provide 2 authentications methods at the same time : FORM and CLIENT_CERT.
- Until this week everything worked fine : I can authenticate the users with 2 authentications methods, and the session is maintained. Yesterday, when I try to accede to HttpSession in Servlets, what's happen was: when the user is authenticated using FORM method, HttpSession isn't null in servlets, neither internal session(Session) in valve. However, when the user is authenticated using a CERT, all the sessions are null : HttpSession in Servlets and Session(Internal Session) in my Valve. - Well, I thought that the problem was in my valve, so I disable my valve, and in my web application I configured only one authentication method - CLIENT_CERT. However, the HttpSession was still null. - The strange thing is that everything works fine - I can authenticate the user using CLIENT_CERT method, and retrieve to him the requested URL and I have access to Principal in the HttpServletRequest object. But, when there is no session. - I had checked if the browsers accept cookies too, and it accepts. Do you have any idea of what's happen?! Thanks, Regards from Braga, Portugal Bárbara Vieira -----Original Message----- From: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Sent: sábado, 1 de Dezembro de 2007 00:30 To: Tomcat Users List Subject: RE: SSL Session expires every request > From: Bárbara Vieira [mailto:[EMAIL PROTECTED] > Subject: RE: SSL Session expires every request > > HttpSession wasn't null in the beginning, when I started > my implementation. However, now is null in every request. How are you retrieving the session? A code sample would be good. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]