Hello,
how do I track sessions without using cookies or URL-writing?
Following the Servlet API 2.3, the third way to track sessions is by
using the SSL-Layer to hold the ID.
I have tried that out with my installation (Apache 2.0.47, mod_jk2,
Tomcat 5.5.4) and followed the
configuration hints about mod_jk and ssl.
However, using form-based authentication, the server seems not to save
any session id as an attribute, ssl or anything.
In Bugzilla there was something about using
request.getAttribute("javax.servlet.request.key_size") which would
"activate" another attribute which one should get with
request.getAttribute("javax.servlet.request.ssl_session").
I tried that out - no effect.
Does someone use session tracking under SSL with a similar configuration
like mine above? How do you set/access
the session id and get hold of the Session (or SSLSession)?
Thank you in advance,
Oliver Schönwald
University of Hagen, Germany
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
