Great observations, Chuck. I will take a look at these items.

On Mon, Oct 25, 2010 at 11:22 AM, Caldarale, Charles R <chuck.caldar...@unisys.com> wrote:

> > From: Keith Masten [mailto:spmdt...@gmail.com]
> > Subject: Re: Securing A Directory Listing
>
> > when I attempt to access the application with the
> > fictitious 'bob' user account, the standard login
> > dialog is presented to me over and over.
>
> Is your webapp discarding the session object? If so, stop that.
>
> Does your client disable cookies? If so, you'll need to use
> HttpServletResponse.encodeURL() to pass the session id as a parameter on the
> URL.
>
> Use Wireshark or a browser plug-in to see the real traffic being passed
> back and forth.
>
> - Chuck