Hi,
I have a very rare problem regarding session handling. It is
reproducible only on a single server environment. Of cause this is the
productive server.
I use container authentication and for simplicity 'tomcat-user.xml'.
Login is done via HttpServletRequest.login() method, whenever I
2016-01-08 19:02 GMT+03:00 Christopher Schultz :
> Thomas,
>
> On 1/8/16 8:00 AM, Thomas Scheffler wrote:
>> Am 08.01.16 um 11:43 schrieb Olaf Kock:
>>> Is there any chance that the first and correctly authenticated cookies
>>> (despite the debug output
Is there any chance that the first and correctly authenticated cookies
(despite the debug output "secure=false") are https-only cookies and
won't get transmitted in http, thus triggering new sessions? E.g. any
chance they get rewritten at another level (Apache httpd, ServletFilter,
others) to be
Am 08.01.16 um 11:43 schrieb Olaf Kock:
Is there any chance that the first and correctly authenticated cookies
(despite the debug output "secure=false") are https-only cookies and
won't get transmitted in http, thus triggering new sessions? E.g. any
chance they get rewritten at another level
Am 08.01.16 um 14:03 schrieb André Warnier (tomcat):
Hi Thomas.
It is a bit difficult to figure out where the problem really is, without
having the full picture of what is going on (your web.xml configuration,
the order and precise timing in which requests really happen etc.).
But one thing I
On 08.01.2016 10:07, Thomas Scheffler wrote:
Hi,
I have a very rare problem regarding session handling. It is reproducible only
on a single
server environment. Of cause this is the productive server.
I use container authentication and for simplicity 'tomcat-user.xml'.
Login is done via
Thomas,
On 1/8/16 8:00 AM, Thomas Scheffler wrote:
> Am 08.01.16 um 11:43 schrieb Olaf Kock:
>> Is there any chance that the first and correctly authenticated cookies
>> (despite the debug output "secure=false") are https-only cookies and
>> won't get transmitted in http, thus triggering new