thanks mark, if i understand you correct, it is simply NOT possible to invalidate the SSLSession of which i can get the id with request.getAttribute("javax.servlet.request.ssl_session") (it works with this key in 6.0.32)
wkr turnguard ----- Original Message ----- From: "Mark Thomas" <ma...@apache.org> To: "Tomcat Users List" <users@tomcat.apache.org> Sent: Wednesday, September 7, 2011 12:08:29 AM Subject: Re: SSLSession invalidate On 06/09/2011 22:42, Jürgen Jakobitsch wrote: > apparently there is one, i can get it's id with > request.getAttribute("javax.servlet.request.ssl_session") That is a Tomcat bug it should be javax.servlet.request.ssl_session_id > in tomcat7 there's the possibility to use SSLSessionManager to invalidate > SSLSession, so i'm doing a > wild guess, that something similar has to be possible with tomcat6 as well. Your wild guess is wrong. That feature is in Tomcat 7 onwards. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- | Jürgen Jakobitsch, | Software Developer | Semantic Web Company GmbH | Mariahilfer Straße 70 / Neubaugasse 1, Top 8 | A - 1070 Wien, Austria | Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22 COMPANY INFORMATION | http://www.semantic-web.at/ PERSONAL INFORMATION | web : http://www.turnguard.com | foaf : http://www.turnguard.com/turnguard | skype : jakobitsch-punkt --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org