the session.
Regards,
Bob Feretich
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
run your whole application under
https or zap the Tomcat AuthenticatorBase code. I think I changed it to:
1) append ;jsessionid=... to URLs when they are redirected to the
https port.
2) remove the addition of the redirectPort to that same URL.
Regards,
Bob Feretich
Peter Neu wrote:
Hello everybody
;
try {
// url = new URL(protocol, host, redirectPort, file.toString());
url = new URL(protocol, host, file.toString()); // replace above
...
Good luck,
Bob Feretich
Peter Neu wrote:
Hi Bob,
I can't switch to https in this case (not a technical problem). So where
do I have
to perform the save.
The basic HttpSession object is for state management, not evidence of
authentication (see best practice RFC-2964 2.2.2). (You may attach
authentication info to the session object.)
Regards,
Bob Feretich
Dennis Payne wrote:
You can use the session.invalidate() if you need
.
Regards,
Bob Feretich
On Wed, 2004-12-15 at 15:17, Didier McGillis wrote:
Considering this is a pretty knowledgable group is there a good free
HTTP
Sniffer application I can use, I need to see what the HTTP headers
are returning on my site
I don't think that this will help much, but your problem seems like a
multi-threading problem rather than a lost request parameter problem.
Have you tried inserting in some debug code to write request parameters
to the log from the first servlet that receives them?
Regards,
Bob Feretich
=com.xxx.realm.classname ...
Regards,
Bob Feretich
Yes it is. You will have to change the name in server.xml file also to
your class name. Also the class/jar file should be placed in the common
folder since tomcat needs access to it.
Pandu
From: Ilja Smoli [EMAIL PROTECTED]
Reply-To: Tomcat Users
hijack protection.
Regards,
Bob Feretich
Hi all.
I would like to encrypt my login process so that login and password
are not visible on the network. That's why I defined a SSL connector on
port 8443 in my server.xml. My problem is that after the user logged in,
request keep on using the https
/cacerts)
For production, you may need to merge your keys and certificates with
the ones in this file.
Also note that the Verisign certificates in many the early 1.4.x JREs
have expired. Download the latest cacerts file for production.
Hope this helped.
Regards,
Bob Feretich
Subject: Rejected client
or is this a bug in the
suggested code?
Also getThreadCount() seems to return the number of ThreadGroups in the
branch rather than the number of Threads in the JVM.
Regards,
Bob Feretich
package com.mpi.chemi.portal.util;
import java.util.ArrayList;
import java.util.List;
import org.apache.log4j.Logger
in their ThreadGroup rather than appearing
as a peer to it.
out.println(prefix + \tT + ta[i].toString() );
Regards,
Bob Feretich
Ronald Klop wrote:
Hello,
I use the attached .jsp to view all the threads.
Ronald.
On Fri Jan 28 12:33:10 CET 2005 Tomcat Users List
tomcat-user@jakarta.apache.org wrote
as parameters. I placed my custom realm in
$CATALINA_HOME/shared/classes/ and everything worked OK.
Note that this will make your web application Tomcat dependent.
Regards,
Bob Feretich
Subject:
Limiting number of login attempts
From:
Anderson, M. Paul [EMAIL PROTECTED]
Date:
Thu, 10 Mar 2005 12:54
JSESSIONID cookies create a
security hole.
The committees are supposed address the security vs. state management
issue in the next Servlet Spec.
Regards,
Bob Feretich
I have a servlet/JSP application in which users establish their
servlet session using https but conduct the rest
.
Bob Feretich
Subject: Moving from http to https doesnt expire session
From:Fabian Pena [EMAIL PROTECTED]
Date:Mon, 02 May 2005 09:54:29 -0300
To:tomcat-user@jakarta.apache.org
hi all
I have a simple question, at least I think that.
I am developing an applicatin that contains confidential
The below security-constraint will make Tomcat require the use of SSL.
To have Tomcat automaitcally redirect for SSL, you must code
redirectPort=443
as part of your port=80 connector definition in the server.xml file.
Regards,
Bob Feretich
Subject:
Re: How do I redirect all tomcat ports to use SSL
15 matches
Mail list logo