-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Lloyd,
DIGLLOYD INC wrote:
| What is a viable workaround for switching to http from https once
| the user is authenticated?
Simple: make sure that the user has a session before you switch into
HTTPS mode.
- -chris
-BEGIN PGP SIGNATURE-
Ver
I've been having the same issues others have been asking about. This
discussion has been useful, but...
===> What is a viable workaround for switching to http from https once
the user is authenticated? And is that idea unreasonable (see use
case below).
My main concern is that sending l
Christopher Schultz wrote:
André,
André Warnier wrote:
| thank you for the explanations below. And I apologise if I answered
| rather testily before.
It happens. Just remember that Mark happens to be a Tomcat dev, so he's
in a position to know the Truth ;)
Not that that means I am always r
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Martin,
Martin wrote:
| If you're in a secure location that disallows cookies..you can always
| try url-rewrite
Dude. The container does URL rewriting without requiring other tools.
Stop confusing people with this junk.
- -chris
-BEGIN PGP SIG
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
André,
Sorry, one more comment:
André Warnier wrote:
| Off-topic : Are you sure that can really happen ? I must admit that I
| have never seen that behaviour before, and it seems to me that it would
| create a host of other problems (such as breakin
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
André,
André Warnier wrote:
| thank you for the explanations below. And I apologise if I answered
| rather testily before.
It happens. Just remember that Mark happens to be a Tomcat dev, so he's
in a position to know the Truth ;)
- -chris
-BE
- Original Message -
From: "Bill Davidson" <[EMAIL PROTECTED]>
To: "Tomcat Users List"
Sent: Tuesday, June 10, 2008 3:43 AM
Subject: Re: Session lost when switching from https to http after upgrade to
Tomcat 6
Johnny Kewl wrote:
maybe moving from HTTPs
- Original Message -
From: "Johnny Kewl" <[EMAIL PROTECTED]>
To: "Tomcat Users List"
Sent: Tuesday, June 10, 2008 3:19 AM
Subject: Re: Session lost when switching from https to http after upgrade to
Tomcat 6
- Original Message -
From: "B
Johnny Kewl wrote:
maybe moving from HTTPs to HTTP is just a bad idea.
No doubt. However, I didn't design this app and it's not up to me.
BTW, it's an old app. It's running on Tomcat 3.2.4 in production to
give you an idea of its age. We want to move to a newer server
first and then work on m
- Original Message -
From: "Bill Davidson" <[EMAIL PROTECTED]>
To: "Tomcat Users List"
Sent: Monday, June 09, 2008 7:17 PM
Subject: Re: Session lost when switching from https to http after upgrade to
Tomcat 6
Johnny Kewl wrote:
Bill... Just lose the FO
Martin wrote:
If you're in a secure location that disallows cookies..you can always
try url-rewrite
Sorry if I seem a bit dim but I don't understand how url-rewriting
helps me with cookie problems.
-
To start a new topic, e-
ssage -
From: "Bill Davidson" <[EMAIL PROTECTED]>
To: "Tomcat Users List"
Sent: Monday, June 09, 2008 7:10 PM
Subject: Re: Session lost when switching from https to http after upgrade to
Tomcat 6
BTW, I forgot to thank everyone for helping me to understand
what this
BTW, I forgot to thank everyone for helping me to understand
what this problem better. Understanding that the cookie was
being created by Tomcat with the secure flag and that the flag
was causing the problem was the key.
Thanks everyone.
--Bill Davidson
---
Bill Davidson wrote:
I'm confused so I'm not sure what I say below makes sense.
If I'm reading these posts correctly, the cookie is issued by the
front end
(which is Apache web server). Since it is created on an https
session, it
is being marked as "secure". When browser switches to a non-s
Johnny Kewl wrote:
Bill... Just lose the FORM authentication, replace it with DIGEST, or
even BASIC I think all your problems will go away.
I'm not exactly sure what you're saying. Are you saying that I shouldn't be
authenticating through a form?
krusek schrieb:
We use tomcat forms authentication and it is cookies being used.
There are 3 cookies, JSESSONIDSSO, test and JSESSONID.
Not sure how you tell if its marked secure? The test cookie is for testing
to assure cookies are enabled.
As explained below, my Firefox tells me, for whi
- Original Message -
From: "Bill Davidson" <[EMAIL PROTECTED]>
To: "Tomcat Users List"
Sent: Monday, June 09, 2008 12:36 AM
Subject: Re: Session lost when switching from https to http after upgrade to
Tomcat 6
I'm confused so I'm not sure w
I'm confused so I'm not sure what I say below makes sense.
If I'm reading these posts correctly, the cookie is issued by the front end
(which is Apache web server). Since it is created on an https session, it
is being marked as "secure". When browser switches to a non-secure
page on the same si
Mark Thomas wrote:
...
The problem is that some clients (as a result of the ISP they are
using) change IP with every request.
Off-topic : Are you sure that can really happen ? I must admit that I
have never seen that behaviour before, and it seems to me that it
would create a host of other
André Warnier wrote:
Mark,
thank you for the explanations below. And I apologise if I answered
rather testily before.
No problem. I can be a little short too sometimes.
The problem is that some clients (as a result of the ISP they are
using) change IP with every request.
Off-topic : Are you
Mark,
thank you for the explanations below. And I apologise if I answered
rather testily before.
Mark Thomas wrote:
André Warnier wrote:
Mark Thomas wrote:
André Warnier wrote:
A lot of speculation here, but who knows ?
Indeed. And it is all wrong.
Is that proven, or mere speculation on
André Warnier wrote:
Mark Thomas wrote:
André Warnier wrote:
A lot of speculation here, but who knows ?
Indeed. And it is all wrong.
Is that proven, or mere speculation on your part ?
That is fact. In the cases where Tomcat does do an internal redirect it
uses a RequestDispatcher.forward()
Mark Thomas wrote:
André Warnier wrote:
A lot of speculation here, but who knows ?
Indeed. And it is all wrong.
Is that proven, or mere speculation on your part ?
To my knowledge, there exists no case where the browser would not send
a cookie with every request, if it has it and it is v
On Fri, Jun 6, 2008 at 15:11, krusek <[EMAIL PROTECTED]> wrote:
> There are 3 cookies, JSESSONIDSSO, test and JSESSONID.
> Not sure how you tell if its marked secure?
Some browsers can tell you this. Check your browser's documentation.
But what I don't understand is why it "worked" before - I th
André Warnier wrote:
A lot of speculation here, but who knows ?
Indeed. And it is all wrong.
To my knowledge, there exists no case where the browser would not send a
cookie with every request, if it has it and it is valid.
Well, there is the obvious example Rainer has already given of cookies
Hi.
A couple of emails ago, I think you showed the code that was doing a
redirect, and said that that was where it seemed to be "losing the cookie".
Let me get back to a couple of my oen emails ago, just to set matters
straight : a cookie is "a browser thing". If the browser has never seen
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
--
View this message in context:
http://www.nabble.
krusek wrote:
I have Apache 2 with SSL, mod_jk connection, and Tomcat. Everything has
worked peachy from one tomcat upgrade after another. However now I upgraded
to tomcat 6 and I am loosing the session when switching from https to http
within the same domain.
For clarity, Apache 2 is handli
krusek wrote:
I have Apache 2 with SSL, mod_jk connection, and Tomcat. Everything has
worked peachy from one tomcat upgrade after another. However now I upgraded
to tomcat 6 and I am loosing the session when switching from https to http
within the same domain.
For clarity, Apache 2 is handli
tomcat.
Does anyone know why this is happening?
Thanks!
Kevin
--
View this message in context:
http://www.nabble.com/Session-lost-when-switching-from-https-to-http-after-upgrade-to-Tomcat-6-tp17658157p17658157.html
Sent from the Tomcat - User mailing list archive at Nabble.com
30 matches
Mail list logo