I'm using 4.0.5.GA and I have enabled the org.apache.catalina.authenticator.SingleSignOn valve in tomcat/server.xml. I'm trying to protect my web apps using the OWASP Stinger servlet filter, specifically its cookie validation feature. I'm trying to determine when I will get a regular JESSSIONID and when I will get a JESSIONIDSSO? I have noticed that I get either a varied points when I enter my web app. My app is only accessible via SSL and I have configured the SSO valve to my domain, not just the app context. Also, Is there an issue with session cookies and IE7?
Thanks! B View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4036371#4036371 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4036371 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
