We have a webapp running on Tomcat 4.0.x/4.1.x behind an Apache web server. Apache and Tomcat talk to each other using mod_jk 1.2.x (we have several installations with different versions of Apache, Tomcat and mod_jk). Users connect to the webapp via Apache over SSL and we use a custom authentication mechanism that is not related to Tomcat or Apache authentication (using a transaction on a separate server).
I have been asked to investigate the possibility of using session tracking based on the SSL session (as per the 2.3 Java servlet specification). Would that be possible in our setup ? My main concern would be that the SSL session would not be known to Tomcat because of the Apache "front end" (which we can't do without without completely refactoring our app). TIA Sven -- Sven Bovin --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
