I am not sure whether I can post this here or not, but I want to try my luck.

I am facing a problem in configuring rememberMe for one of the Josso partner
applications. The following cookies are generated when I log in for the
first time.

cookie=JSESSIONID=964AB2019709DEEEA148DC018D69C2D4;
JOSSOSESSIONID=EE45FA07BFA8AFF42BA3CCA3FBB5C16B;
JOSSOREMEMBERME_josso="ke++yJbvJTRK5nXPCufcIA=="

From the next time onwards it is expected that it should allow me to access
the application without prompting for the logon credentials. But in this
case, every time I open the browser window and access the application, the
logon page shows up. Interestingly, when I use the Google Chrome browser, it
works. But Google Chrome prompts to save the passwords. I opted to
save the passwords in Google Chrome. With IE, it does not work.
The Tomcat debug log throws the exception below. Please help me
resolve this issue. A quick response is highly appreciated.

15 Dec 2009 06:14:38,992 DEBUG Error getting client certs
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
    at org.apache.tomcat.util.net.jsse.JSSESupport.getX509Certificates(JSSESupport.java:87)
    at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:141)
    at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1012)
    at org.apache.coyote.Request.action(Request.java:352)
    at org.apache.catalina.connector.Request.getAttribute(Request.java:896)
    at org.apache.catalina.connector.RequestFacade.getAttribute(RequestFacade.java:263)
    at org.josso.gateway.signon.LoginSelectorAction.execute(LoginSelectorAction.java:67)
    at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
    at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
    at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
    at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.josso.gateway.filter.ProtocolHandlerFilter.doFilter(ProtocolHandlerFilter.java:86)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.josso.tc60.agent.SSOAgentValve.invoke(SSOAgentValve.java:275)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Thread.java:619)

15 Dec 2009 06:14:38,992 DEBUG Looking for cookie: JOSSOREMEMBERMEjosso

15 Dec 2009 06:14:38,992 DEBUG RemembermeCookie NOT found!



Christopher Schultz-2 wrote:
> 
> Joe,
> 
> On 10/27/2009 5:34 PM, Joe Wallace wrote:
>> Hi Chris,
>> You wrote:
>>> Tomcat will create its JSESSIONID cookie like this in all cases:
>> 
>>> Cookie cookie = new Cookie("JSESSIONID", sessionId);
>>> if(request.isSecure())
>>>  cookie.setSecure(true);
>> 
>> My filter calls HttpServletRequest.isSecure() which returns true
>> It then calls Cookie.getSecure() for the JSESSIONID cookie which returns
>> false. 
>> 
>> I am expecting this to return true since all connections have been over
>> https.
>> Or should I be looking elsewhere?
> 
> If this is what you are observing, then the cookie is being created
> during a non-https request. I would recommend clearing the cookie for
> your site in your browser, then visiting your site until you see the
> cookie appear.
> 
> You can use an HttpServletRequestWrapper + a Filter to see where the
> session is being created if you'd rather not watch HTTP traffic.
> 
> -chris
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
> 
> 

-- 
View this message in context: 
http://old.nabble.com/SessionID-cookie-not-secure-over-SSL-tp26083084p26794499.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
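
The HttpServletRequestWrapper + Filter approach suggested in the quoted reply, as an added example that is not part of the original thread: it logs the URI, scheme, isSecure() value and calling stack of the request that first creates the session. The class names SessionCreationTraceFilter and TracingRequest are hypothetical; the filter is assumed to be mapped to /* as the first filter in the application's web.xml.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpSession;

// Hypothetical diagnostic filter (added example, not Tomcat or JOSSO code).
public class SessionCreationTraceFilter implements Filter {

    public void init(FilterConfig config) {}

    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Wrap only HTTP requests; everything downstream sees the wrapper.
        if (req instanceof HttpServletRequest) {
            req = new TracingRequest((HttpServletRequest) req);
        }
        chain.doFilter(req, res);
    }

    static class TracingRequest extends HttpServletRequestWrapper {
        TracingRequest(HttpServletRequest request) { super(request); }

        @Override
        public HttpSession getSession() { return getSession(true); }

        @Override
        public HttpSession getSession(boolean create) {
            // Probe without creating, so we know whether this call creates the session.
            boolean existed = super.getSession(false) != null;
            HttpSession session = super.getSession(create);
            if (!existed && session != null) {
                // Throwable is used only to capture the caller's stack; the session id is not logged.
                new Throwable("Session created: uri=" + getRequestURI()
                        + " scheme=" + getScheme()
                        + " secure=" + isSecure()).printStackTrace();
            }
            return session;
        }
    }
}
```

A trace showing secure=false means the JSESSIONID was issued on a plain-HTTP request, which is the case described in the quoted reply. Sessions created by valves that run before the filter chain are not seen by this wrapper.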

