DO NOT REPLY [Bug 40766] Using an unsecure jsessionid with mod_proxy_ajp over https
https://issues.apache.org/bugzilla/show_bug.cgi?id=40766 Mark Thomas ma...@apache.org changed: What|Removed |Added Status|NEW |RESOLVED Resolution||WONTFIX --- Comment #4 from Mark Thomas ma...@apache.org 2011-12-20 20:34:10 UTC --- This seems like a very bad idea to me too. Marking as WONTIX based on security concerns and general lack of interest in this enhancement for several years. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 40766] Using an unsecure jsessionid with mod_proxy_ajp over https
https://issues.apache.org/bugzilla/show_bug.cgi?id=40766 helgonhc helgonh...@yahoo.com.br changed: What|Removed |Added URL||http://hyunam.hanbat.ac.kr/ -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
DO NOT REPLY [Bug 40766] - Using an unsecure jsessionid with mod_proxy_ajp over https
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=40766. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=40766 [EMAIL PROTECTED] changed: What|Removed |Added Severity|normal |enhancement --- Additional Comments From [EMAIL PROTECTED] 2007-03-25 09:06 --- This is a real hornet's nest, setting secure to false on an https connection over a proxy. I don't see anyone else expressing interest in or voting for this item. I'm going to change it to an enhancement request, I think, to be able to deal with this scenario, but I don't quite see it getting implemented anytime soon. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 40766] - Using an unsecure jsessionid with mod_proxy_ajp over https
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=40766. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=40766 --- Additional Comments From [EMAIL PROTECTED] 2006-10-16 11:34 --- *** Bug 40763 has been marked as a duplicate of this bug. *** -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 40766] - Using an unsecure jsessionid with mod_proxy_ajp over https
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=40766. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=40766 --- Additional Comments From [EMAIL PROTECTED] 2006-10-16 13:17 --- The secure parameter of the Connector/ is ignored (We do something like request.setSecure(req.scheme().equals(https));). When setting to true in the http connector it tries to use SSL. The code does not follow the documentation... What to do? Setting secure could be interesting when using a proxy (ajp or http). -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug, or are watching the assignee. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]