thanks mark,
if i understand you correct, it is simply NOT possible to invalidate
the SSLSession of which i can get the id with
request.getAttribute("javax.servlet.request.ssl_session")
(it works with this key in 6.0.32)
wkr turnguard
----- Original Message -----
From: "Mark Thomas" <[email protected]>
To: "Tomcat Users List" <[email protected]>
Sent: Wednesday, September 7, 2011 12:08:29 AM
Subject: Re: SSLSession invalidate
On 06/09/2011 22:42, Jürgen Jakobitsch wrote:
> apparently there is one, i can get it's id with
> request.getAttribute("javax.servlet.request.ssl_session")
That is a Tomcat bug it should be javax.servlet.request.ssl_session_id
> in tomcat7 there's the possibility to use SSLSessionManager to invalidate
> SSLSession, so i'm doing a
> wild guess, that something similar has to be possible with tomcat6 as well.
Your wild guess is wrong. That feature is in Tomcat 7 onwards.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
--
| Jürgen Jakobitsch,
| Software Developer
| Semantic Web Company GmbH
| Mariahilfer Straße 70 / Neubaugasse 1, Top 8
| A - 1070 Wien, Austria
| Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22
COMPANY INFORMATION
| http://www.semantic-web.at/
PERSONAL INFORMATION
| web : http://www.turnguard.com
| foaf : http://www.turnguard.com/turnguard
| skype : jakobitsch-punkt
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
