Re: problems with partitioned cookies

ioned cookies" for every site, everywhere, regardless of the "partitioned" flag on a Set-Cookie header. Why do you have to bother modifying your application? It seems to be that CHIPS will die on the vine and will never become an official standard. In fact, it looks like it has

Re: problems with partitioned cookies

Hi Mark, dang! I missed that while checking the changelog. Thanks for pointing out. Regards, Holger Mark Thomas wrote (at 2024-03-18 17:03 +): > On 18/03/2024 15:16, info@klawitter.de wrote: > > > What am I doing wrong here? (Tomcat 9.0.82) > >

Re: problems with partitioned cookies

On 18/03/2024 15:16, info@klawitter.de wrote: What am I doing wrong here? (Tomcat 9.0.82) https://tomcat.apache.org/tomcat-9.0-doc/changelog.html Search for "partitioned" The problem is you are using Tomcat 9.0.82. Support for a default partitioned attribute wasn't added until 9.0.85.

problems with partitioned cookies

Hi there, I have to make my webapp complying to CHIPS. For this I am trying to configure the CookieProcessor to allow partitioned cookies. For this I added a CookieProcessor directive to the context.xml like this: However tomcat complains about this with [Catalina-utility-1

Re: [EXTERNAL] - Re: Partitioned cookies

Mark, On 12/15/23 04:03, Mark Thomas wrote: On 14/12/2023 21:15, André van der Lugt wrote: From: Chuck Caldarale <mailto:n82...@gmail.com> Sent: Wednesday, November 15, 2023 9:48 AM To: Tomcat Users List <mailto:users@tomcat.apache.org> Subject: [EXTERNAL] - Re: Partitioned cook

Re: [EXTERNAL] - Re: Partitioned cookies

On 14/12/2023 21:15, André van der Lugt wrote: From: Chuck Caldarale <mailto:n82...@gmail.com> Sent: Wednesday, November 15, 2023 9:48 AM To: Tomcat Users List <mailto:users@tomcat.apache.org> Subject: [EXTERNAL] - Re: Partitioned cookies On Nov 15, 2023, at 08:06, Adam Warfield &

RE: [EXTERNAL] - Re: Partitioned cookies

> -Original Message- > From: Adam Warfield > Sent: woensdag 15 november 2023 16:49 > To: Tomcat Users List > Subject: Re: [EXTERNAL] - Re: Partitioned cookies > > That's strange. I was not aware the proposal had expired. I've been working > off of a few pages

Re: Partitioned cookies

Adam, On 11/15/23 09:06, Adam Warfield wrote: The Rfc6265CookieProcessor supports setting the SameSite cookie attribute but starting in 2024, browsers will begin enforcing the newer "Partitioned" attribute for third-party cookies. Is there a way to set this attribute within Tomcat

Re: [EXTERNAL] - Re: Partitioned cookies

Sent: Wednesday, November 15, 2023 9:48 AM To: Tomcat Users List Subject: [EXTERNAL] - Re: Partitioned cookies CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. If you feel

Re: Partitioned cookies

> On Nov 15, 2023, at 08:06, Adam Warfield > wrote: > > The Rfc6265CookieProcessor supports setting the SameSite cookie attribute but > starting in 2024, browsers will begin enforcing the newer "Partitioned" > attribute for third-party cookies. Is there a way to

Partitioned cookies

The Rfc6265CookieProcessor supports setting the SameSite cookie attribute but starting in 2024, browsers will begin enforcing the newer "Partitioned" attribute for third-party cookies. Is there a way to set this attribute within Tomcat for things like the JSESSIONID and XSRF-TOK

Re: SameSite cookies shows as "Unset" but Header shows Correct Value

Just to confirm, we know that Chrome will block JSESSIONID it if sent over unsecure connection and with SameSite=None. But we saw the previously mentioned issue in Firefox. Thanks, On Wed, 11 Mar 2020 at 15:33, M. Manna wrote: > Hi All, > > Due to the recent issues with Chrome 80, we have had

SameSite cookies shows as "Unset" but Header shows Correct Value

Hi All, Due to the recent issues with Chrome 80, we have had to make some changes for our context.xml to have SameSite attribute setup for CookieProcessor What we've noticed is that even though CookieProcessorBase captures and assigns the correct value (e.g. "None" or "Lax"), the Network tab of

Re: SameSite cookies

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 M, On 11/8/19 10:40, M. Manna wrote: > Interesting question. > > samesite attribute is also to protect cookies from possible > cross-site attacks. Even if you have super domain cookies, using > strict/lax shouldn't make any dif

Re: SameSite cookies

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 11/8/19 11:53, Mark Thomas wrote: >> All, >> >> I'm looking at using "samesite" cookies within my application. >> It looks as simple as setting the "sameSite" attribute >> appropriate

Re: SameSite cookies

> All, > > I'm looking at using "samesite" cookies within my application. It > looks as simple as setting the "sameSite" attribute appropriately on > the CookieProcessor for the , which isn't there in a default > configuration. So you just have to add it:

Re: SameSite cookies

On Fri, Nov 8, 2019 at 4:04 PM Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > All, > > I'm looking at using "samesite" cookies within my application. It > looks as simple as setting t

Re: SameSite cookies

Hey Chris, Interesting question. samesite attribute is also to protect cookies from possible cross-site attacks. Even if you have super domain cookies, using strict/lax shouldn't make any difference for you, or does it? Thanks, On Fri, 8 Nov 2019 at 15:04, Christopher Schultz <

SameSite cookies

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, I'm looking at using "samesite" cookies within my application. It looks as simple as setting the "sameSite" attribute appropriately on the CookieProcessor for the , which isn't there in a default configuration. So

Re: Tomcat 7 - Sporadic problem re: cookies

esponse. Unfortunately it doesn't appear to be a > > bad cookie name or value, as the identical set of cookies are > > passed (and parsed correctly) on requests that immediately precede > > and follow the failing request. That's pretty clear from both the > > Wireshark and Tomcat acce

Re: Tomcat 7 - Sporadic problem re: cookies

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Chad, On 2/27/18 9:02 PM, Chad Stansbury wrote: > Thanks for your response. Unfortunately it doesn't appear to be a > bad cookie name or value, as the identical set of cookies are > passed (and parsed correctly) on requests that immediatel

Re: Tomcat 7 - Sporadic problem re: cookies

Hello Chris - Thanks for your response. Unfortunately it doesn't appear to be a bad cookie name or value, as the identical set of cookies are passed (and parsed correctly) on requests that immediately precede and follow the failing request. That's pretty clear from both the Wireshark and Tomcat

Re: Tomcat 7 - Sporadic problem re: cookies

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Chad, On 2/27/18 9:44 AM, Chad Stansbury wrote: > We've been troubleshooting an issue where our web application is > getting a very occasional request that contains no cookies even > though a Wireshark on the application server shows thos

Tomcat 7 - Sporadic problem re: cookies

We've been troubleshooting an issue where our web application is getting a very occasional request that contains no cookies even though a Wireshark on the application server shows those cookies coming in on the request. I was able to replay the request that was captured via Wireshark, and when

Re: Tomcat 8.5.5 (8.5+) Default Cookie Processor breaks persistent cookies for all IE versions

2016-11-10 16:02 GMT+01:00 Christopher Schultz <ch...@christopherschultz.net >: > http://mrcoles.com/media/test/cookies-max-age-vs-expires.html > > Just tested with Edge and MSIE11 on Win 10. Both fail to recognize the > expiration of a cookie when "expires" is not

Re: Tomcat 8.5.5 (8.5+) Default Cookie Processor breaks persistent cookies for all IE versions

wser will a much smaller - >> and shrinking - market share I could be convinced. >> > > http://promincproductions.com/blog/set-cookie-expiration-date-browser- compatiability/ > > There's really conflicting info on this ... http://mrcoles.com/media/test/cookies-max-age-vs-expir

Re: Tomcat 8.5.5 (8.5+) Default Cookie Processor breaks persistent cookies for all IE versions

2016-11-10 11:51 GMT+01:00 Mark Thomas : > Tempting. But IE/Edge represents ~30% of the current browser usage. If > we were talking about a browser will a much smaller - and shrinking - > market share I could be convinced. >

Re: Tomcat 8.5.5 (8.5+) Default Cookie Processor breaks persistent cookies for all IE versions

ing for. >> >> I don't recall anyone raising it before now. >> >>> Has anyone else run into an issue with persistent cookies in Tomcat >>> 8.5+ and IE not working? >> >> I can confirm I see the same issue. >> >>> Does it make sense

Re: Tomcat 8.5.5 (8.5+) Default Cookie Processor breaks persistent cookies for all IE versions

. > > > Has anyone else run into an issue with persistent cookies in Tomcat > > 8.5+ and IE not working? > > I can confirm I see the same issue. > > > Does it make sense that the shipping configuration would not work > > with IE for persistent cookies? > >

RE: Tomcat 8.5.5 (8.5+) Default Cookie Processor breaks persistent cookies for all IE versions

Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Monday, November 07, 2016 9:25 AM To: Tomcat Users List <users@tomcat.apache.org> Subject: Re: Tomcat 8.5.5 (8.5+) Default Cookie Processor breaks persistent cookies for all IE versions -BEGIN PGP SIGNED M

Re: Tomcat 8.5.5 (8.5+) Default Cookie Processor breaks persistent cookies for all IE versions

I'm +1 on adding an option, and I think it should be enabled *by default*. The name of the option should be more clear about what it actually does rather than "fix cookies for stupid MSIE" (as satisfying as that would be). It should be something more like supplyExpiresAndMaxAgeWit

Re: Tomcat 8.5.5 (8.5+) Default Cookie Processor breaks persistent cookies for all IE versions

anyone else run into an issue with persistent cookies in Tomcat >> 8.5+ and IE not working? > > I can confirm I see the same issue. > >> Does it make sense that the shipping configuration would not work >> with IE for persistent cookies? > > I'll turn that around.

Re: Tomcat 8.5.5 (8.5+) Default Cookie Processor breaks persistent cookies for all IE versions

On 04/11/2016 19:10, Hedrick, Brooke - 43 wrote: > Sorry if this has been already asked. I searched the archives and > didn't find what I was looking for. I don't recall anyone raising it before now. > Has anyone else run into an issue with persistent cookies in Tomcat >

Tomcat 8.5.5 (8.5+) Default Cookie Processor breaks persistent cookies for all IE versions

Sorry if this has been already asked. I searched the archives and didn't find what I was looking for. Has anyone else run into an issue with persistent cookies in Tomcat 8.5+ and IE not working? We are seeing an issue where the new default cookie processor

Re: Webapp with underscore in it's name leads to failed session-cookies

set with the path /jsf%5ftest, while other cookies >>> (set by myfaces) were correctly set with the path /jsf_test. It >>> looks like firefox treats /jsf_test and /jsf%5ftest as >>> different pathes and therefore does not send the session cookie >>> with the next requ

Re: Webapp with underscore in it's name leads to failed session-cookies

On 22/06/2016 11:29, Mark Thomas wrote: > On 22/06/2016 09:28, Markus Näher wrote: >> In the web console of firefox, I could see that the session cookie was >> set with the path /jsf%5ftest, while other cookies (set by myfaces) were >> correctly set with the path /jsf_t

Re: Webapp with underscore in it's name leads to failed session-cookies

, I could see that the session cookie was > set with the path /jsf%5ftest, while other cookies (set by myfaces) were > correctly set with the path /jsf_test. > It looks like firefox treats /jsf_test and /jsf%5ftest as different > pathes and therefore does not send the session cookie with

Webapp with underscore in it's name leads to failed session-cookies

manager (web) and the webapp's welcome page in the browser, I can see that every reload of the webapp page increases the session count. In the web console of firefox, I could see that the session cookie was set with the path /jsf%5ftest, while other cookies (set by myfaces) were correctly set

Re: Multiple JSESSIONID cookies being presented.

ers@tomcat.apache.org> >> Subject: Re: Multiple JSESSIONID cookies being presented. >> >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 >> >> Jeffrey, >> >> On 9/10/15 12:26 PM, Jeffrey Janner wrote: >>> Thanks for all the help guys. I think I'v

RE: Multiple JSESSIONID cookies being presented.

> -Original Message- > From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] > Sent: Thursday, September 10, 2015 12:01 PM > To: Tomcat Users List <users@tomcat.apache.org> > Subject: RE: Multiple JSESSIONID cookies being presented. > > > From: Jeff

RE: Multiple JSESSIONID cookies being presented.

> -Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Thursday, September 10, 2015 2:24 PM > To: Tomcat Users List <users@tomcat.apache.org> > Subject: Re: Multiple JSESSIONID cookies being presented. > > -BEGIN PGP

RE: Multiple JSESSIONID cookies being presented.

> -Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Wednesday, September 09, 2015 1:50 PM > To: Tomcat Users List <users@tomcat.apache.org> > Subject: Re: Multiple JSESSIONID cookies being presented. > > -BEGIN PGP

RE: Multiple JSESSIONID cookies being presented.

> From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] > Subject: RE: Multiple JSESSIONID cookies being presented. > I checked the error.jsp file and it does have session=true set, and if the > icon file > is missing, the error.jsp is definitely being sent. >

Re: Multiple JSESSIONID cookies being presented.

and watching cookies > and access logs, both with and without a favicon.ico file, I found > that the doubling was happening only if the file was missing. I > checked the error.jsp file and it does have session=true set, and > if the icon file is missing, the error.jsp is definitely being

RE: Multiple JSESSIONID cookies being presented.

> -Original Message- > From: Igor Cicimov [mailto:icici...@gmail.com] > Sent: Tuesday, September 08, 2015 10:09 PM > To: Tomcat Users List <users@tomcat.apache.org> > Subject: RE: Multiple JSESSIONID cookies being presented. > > On 09/09/2015 7:13 AM, &q

RE: Multiple JSESSIONID cookies being presented.

> -Original Message- > From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] > Sent: Tuesday, September 08, 2015 4:58 PM > To: Tomcat Users List <users@tomcat.apache.org> > Subject: RE: Multiple JSESSIONID cookies being presented. > > > From: Jose

Re: Multiple JSESSIONID cookies being presented.

ers@tomcat.apache.org> >> Subject: RE: Multiple JSESSIONID cookies being presented. >> >>> From: Jose María Zaragoza [mailto:demablo...@gmail.com] >>> Subject: Re: Multiple JSESSIONID cookies being presented. >> >>>> Thanks for the clarification of what

Re: Multiple JSESSIONID cookies being presented.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jeffrey, On 9/4/15 4:40 PM, Jeffrey Janner wrote: > I'm surprised that Tomcat would use the "wrong" session id for > URL-rewriting when presenting the login screen. Are you saying > that, when showing the login page for /APP2, Tomcat will: > > a.

Re: Multiple JSESSIONID cookies being presented.

che.org> >> Subject: RE: Multiple JSESSIONID cookies being presented. >> >> > From: Jose María Zaragoza [mailto:demablo...@gmail.com] >> > Subject: Re: Multiple JSESSIONID cookies being presented. >> >> > > Thanks for the clarification of what's supposed

RE: Multiple JSESSIONID cookies being presented.

> -Original Message- > From: Jose María Zaragoza [mailto:demablo...@gmail.com] > Sent: Tuesday, September 08, 2015 9:22 AM > To: Tomcat Users List <users@tomcat.apache.org> > Subject: Re: Multiple JSESSIONID cookies being presented. > > 2015-09-08 15:

RE: Multiple JSESSIONID cookies being presented.

> From: Jose María Zaragoza [mailto:demablo...@gmail.com] > Subject: Re: Multiple JSESSIONID cookies being presented. > > Thanks for the clarification of what's supposed to happen on receipt, Jose. > > However, I am describing what happens on first contact from the client

RE: Multiple JSESSIONID cookies being presented.

> -Original Message- > From: Jose María Zaragoza [mailto:demablo...@gmail.com] > Sent: Tuesday, September 08, 2015 9:08 AM > To: Tomcat Users List <users@tomcat.apache.org> > Subject: Re: Multiple JSESSIONID cookies being presented. > > 2015-09-08 15:

Re: Multiple JSESSIONID cookies being presented.

>> Subject: Re: Multiple JSESSIONID cookies being presented. >> >> 2015-09-08 15:51 GMT+02:00 Jeffrey Janner <jeffrey.jan...@polydyne.com>: >> >> -Original Message- >> >> From: Christopher Schultz [mailto:ch...@christopherschultz.net

RE: Multiple JSESSIONID cookies being presented.

> -Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Friday, September 04, 2015 12:46 PM > To: Tomcat Users List <users@tomcat.apache.org> > Subject: Re: Multiple JSESSIONID cookies being presented. > > -BEGIN PGP

Re: Multiple JSESSIONID cookies being presented.

che.org> >> Subject: Re: Multiple JSESSIONID cookies being presented. >> >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA256 >> >> Jeffrey, >> >> On 9/4/15 12:37 PM, Jeffrey Janner wrote: >> > I'm running Tomcat 8.0.24 on Ubuntu 14.04 w

Re: Multiple JSESSIONID cookies being presented.

che.org> >> Subject: Re: Multiple JSESSIONID cookies being presented. >> >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA256 >> >> Jeffrey, >> > Now, it's been doing this since at least Tomcat 6, I have one running now, > and I've never had a pr

RE: Multiple JSESSIONID cookies being presented.

s@tomcat.apache.org> > > Subject: Re: Multiple JSESSIONID cookies being presented. > > > > 2015-09-08 15:51 GMT+02:00 Jeffrey Janner <jeffrey.jan...@polydyne.com>: > > >> -Original Message- > > >> From: Christopher Schultz [mailto:ch...@chri

Multiple JSESSIONID cookies being presented.

at a login screen unique to the context and provided by it (not using container auth). When I connect to ROOT, no problem, but when I connect to APP2, I get 2 JSESSIONID cookies, one with the path "/" and the other with the path "/APP2/". On the Windows implementations, we are

RE: Multiple JSESSIONID cookies being presented.

> -Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Friday, September 04, 2015 12:46 PM > To: Tomcat Users List <users@tomcat.apache.org> > Subject: Re: Multiple JSESSIONID cookies being presented. > > -BEGIN PGP

Re: Multiple JSESSIONID cookies being presented.

ers@tomcat.apache.org> >> Subject: Re: Multiple JSESSIONID cookies being presented. >> > Jeffrey, > > On 9/4/15 12:37 PM, Jeffrey Janner wrote: >>>> I'm running Tomcat 8.0.24 on Ubuntu 14.04 with Java 8u45, but >>>> I'm also seeing this on Windows (versi

RE: Multiple JSESSIONID cookies being presented.

> -Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Friday, September 04, 2015 2:55 PM > To: Tomcat Users List <users@tomcat.apache.org> > Subject: Re: Multiple JSESSIONID cookies being presented. > > -BEGIN PGP

Re: Multiple JSESSIONID cookies being presented.

Java 7U51. > > I have 2 contexts installed in Tomcat, one is ROOT, the other > APP2. Both contexts start off at a login screen unique to the > context and provided by it (not using container auth). > > When I connect to ROOT, no problem, but when I connect to APP2, I >

Re: AW: Rfc6265 cookies starting with a dot

On 14/04/2015 09:05, Peter Schroer wrote: This isn't possible because I'm writing some kind of proxy and I dont't have any influence on the websites (and the cookies of course). It would be possible to ignore invalid cookies if tomcat could be configured to do so. The error message is from

Re: Rfc6265 cookies starting with a dot

On 14/04/2015 07:53, Peter Schroer wrote: Hello, I'm using tomcat 8.0.21 with the new Rfc6265 cookie processor. If there are cookies starting with a dot I'm getting the following error: java.lang.IllegalArgumentException: An invalid domain [.db-app.de] was specified for this cookie

AW: Rfc6265 cookies starting with a dot

This isn't possible because I'm writing some kind of proxy and I dont't have any influence on the websites (and the cookies of course). It would be possible to ignore invalid cookies if tomcat could be configured to do so. Greetings Peter -Ursprüngliche Nachricht- Von: Mark Thomas

Rfc6265 cookies starting with a dot

Hello, I'm using tomcat 8.0.21 with the new Rfc6265 cookie processor. If there are cookies starting with a dot I'm getting the following error: java.lang.IllegalArgumentException: An invalid domain [.db-app.de] was specified for this cookie

Re: How to enable cookies in Apache Tomcat

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Pavel, On 3/27/15 1:54 PM, Pavel Yermolenko wrote: In my default browser (Chrome) the cookies are enabled, the proof is: the .jsp page is correctly displayed in browser. In the meantime I've tried to access to Manager App page from main page

Re: How to enable cookies in Apache Tomcat

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Pavel, On 3/27/15 1:07 PM, Pavel Yermolenko wrote: Trying to test jsp page in Apache Tomcat 8.0, I've met problems - opened page displays suggestions how to enable cookies in different browsers. Is there some option, allowing to setup/enable

RE: How to enable cookies in Apache Tomcat

From: Pavel Yermolenko [mailto:py.oh...@sunrise.ch] Subject: How to enable cookies in Apache Tomcat Trying to test jsp page in Apache Tomcat 8.0, I've met problems - opened page displays suggestions how to enable cookies in different browsers. Is there some option, allowing to setup/enable

Re: How to enable cookies in Apache Tomcat

it with tomcat. What you mean saying Can you post some of the code ... ? The content of .jsp ? Yes, what does your .jsp file have in it? When I use my default browser (Chrome), the .jsp page is correctly visualized. Is it possible that you have cookies disabled in the other browser (not Chrome

RE: How to enable cookies in Apache Tomcat

Hello Chuck, In my default browser (Chrome) the cookies are enabled, the proof is: the .jsp page is correctly displayed in browser. In the meantime I've tried to access to Manager App page from main page http://localhost:8080/, but access were refused (I tried username = tomcat, password

How to enable cookies in Apache Tomcat

Hello, Hello, Trying to test jsp page in Apache Tomcat 8.0, I've met problems - opened page displays suggestions how to enable cookies in different browsers. Is there some option, allowing to setup/enable cookies in Apache Tomcat. Thanks in advance Pavel --- L'absence de virus

RE: How to enable cookies in Apache Tomcat

cookies in Apache Tomcat -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Pavel, On 3/27/15 1:07 PM, Pavel Yermolenko wrote: Trying to test jsp page in Apache Tomcat 8.0, I've met problems - opened page displays suggestions how to enable cookies in different browsers. Is there some option

Re: How to enable cookies in Apache Tomcat

Pavel Yermolenko wrote: Hello Chuck, In my default browser (Chrome) the cookies are enabled, the proof is: the .jsp page is correctly displayed in browser. In the meantime I've tried to access to Manager App page from main page http://localhost:8080/, but access were refused (I tried username

RE: How to enable cookies in Apache Tomcat

From: Pavel Yermolenko [mailto:py.oh...@sunrise.ch] Subject: RE: How to enable cookies in Apache Tomcat In the meantime I've tried to access to Manager App page from main page This is a different issue, so should be discussed in a different thread. Read this first: http://www.catb.org/~esr

RE: How to enable cookies in Apache Tomcat

Chris, Indeed, it was the case - after checking 2 other browsers (IE and Mozilla) I discovered that cookies weren't enable there. I enabled them in both (IE and Mozilla), but nothing changed in Eclipse when I run .jsp page. I can attach .jsp file (47kB), but not sure that it's supported

Re: How to enable cookies in Apache Tomcat

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Pavel, On 3/27/15 2:29 PM, Pavel Yermolenko wrote: Indeed, I forgot about comments ... but after removing them the issue persists - the pair tomcat/tomcat (for username/password) still doesn't work. Hmm. Can you post the full contents of the

RE: How to enable cookies in Apache Tomcat

In attachment I've put the content of .jsp -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: vendredi 27 mars 2015 18:58 To: Tomcat Users List Subject: Re: How to enable cookies in Apache Tomcat -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Pavel

RE: How to enable cookies in Apache Tomcat

] Sent: vendredi 27 mars 2015 18:58 To: Tomcat Users List Subject: Re: How to enable cookies in Apache Tomcat -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Pavel, On 3/27/15 1:54 PM, Pavel Yermolenko wrote: In my default browser (Chrome) the cookies are enabled, the proof is: the .jsp page

RE: How to enable cookies in Apache Tomcat

Ok Chuck, I'm sorry. I'll not repeat this error. -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: vendredi 27 mars 2015 19:01 To: Tomcat Users List Subject: RE: How to enable cookies in Apache Tomcat From: Pavel Yermolenko [mailto:py.oh

Re: Single Signon without Cookies

of which says: The Single Sign On feature utilizes HTTP cookies to transmit a token that associates each request with the saved user identity, so it can only be utilized in client environments that support cookies. I had always thought encoded url's were equally acceptable, but I was mistaken

Re: Single Signon without Cookies

Hi Brian, Can you send us some sample unit tests if it doesn't violate any laws or infringements.

Re: Single Signon without Cookies

On 11/12/13 16:47, selvakumar netaji wrote: Hi Brian, Can you send us some sample unit tests if it doesn't violate any laws or infringements. Like tomcat itself, the unit tests are open source. The tests are all in the tc7 and tc8 repositories! Just do a svn checkout or browse them online.

Single Signon without Cookies

is described briefly in the Servlet Spec, but is not defined. Tomcat implements SSO as a Valve. It is described in the tomcat docs Reference section, docs/config/host.html#Single Sign On ... which has six bullet points, the last of which says: The Single Sign On feature utilizes HTTP cookies

Re: Single Signon without Cookies

: The Single Sign On feature utilizes HTTP cookies to transmit a token that associates each request with the saved user identity, so it can only be utilized in client environments that support cookies. I had always thought encoded url's were equally acceptable, but I was mistaken

Re: with useHttpOnly=true my browser could access cookies through javascript.

the below result Set-Cookie: JSESSIONID=01D4A20F51FCE8F8401B47999524D8AB; Path=/UserHttpOnlyTest/; Secure; HttpOnly I have one more question to the same context,is there a way to enable the httponly to the non-container managed cookies other than programatically? No. It's not appropriate

Re: with useHttpOnly=true my browser could access cookies through javascript.

/; Secure; HttpOnly I have one more question to the same context,is there a way to enable the httponly to the non-container managed cookies other than programatically? Adding the below lines in my application web.xml doenst have an impact on the header session-config cookie-config http-onlytrue/http

with useHttpOnly=true my browser could access cookies through javascript.

= + sessionid + ; Path= + contextPath); response.addCookie(cookie); response.addCookie(cookie1); pw.println(Cookies created); When i verified http header,i am able to see the cookie values as Set-Cookie: JSESSIONID

Re: with useHttpOnly=true my browser could access cookies through javascript.

sessionid = request.getSession().getId(); String contextPath = request.getContextPath(); response.setHeader(SET-COOKIE, JSESSIONID= + sessionid + ; Path= + contextPath); response.addCookie(cookie); response.addCookie(cookie1); pw.println(Cookies created); Well, of course that code will not enable

Re: Tomcat 8 Websocket API - Cookies Headers

must be missing something simple. Any suggestions? Thanks, Todd On Thu, Aug 22, 2013 at 10:12 PM, Niki Dokovski nick...@gmail.com wrote: On Fri, Aug 23, 2013 at 2:58 AM, toddfas todd...@gmail.com wrote: I'm trying to figure out how to get access to the cookies and headers passed up

Re: Tomcat 8 Websocket API - Cookies Headers

;t see an easy way for doing this. Can you describe the use case in greater details. What problem do you solve by having access to the handshale request headers (incl cookies) in that phase? Thanks, Todd On Thu, Aug 22, 2013 at 10:12 PM, Niki Dokovski nick...@gmail.com wrote: On Fri, Aug 23

Re: Tomcat 8 Websocket API - Cookies Headers

are already in the websocket world. I don;t see an easy way for doing this. Can you describe the use case in greater details. What problem do you solve by having access to the handshale request headers (incl cookies) in that phase? Thanks, Todd On Thu, Aug 22, 2013 at 10:12 PM, Niki

Re: Tomcat 8 Websocket API - Cookies Headers

httpSession = (HttpSession) session.getUserProperties().get(httpSessionObject); } It ain't pretty. IMO, it was a serious design flaw in the spec not to provide ways to get the HttpSession and Cookies from the Session object. Maybe I'll try to get on the EG for the next version. :-) N On Aug 23, 2013

Re: Tomcat 8 Websocket API - Cookies Headers

: @OnOpen public void onOpen(Session session) { HttpSession httpSession = (HttpSession) session.getUserProperties().get(httpSessionObject); } It ain't pretty. IMO, it was a serious design flaw in the spec not to provide ways to get the HttpSession and Cookies from the Session object

Re: Tomcat 8 Websocket API - Cookies Headers

()); } } Then later: @OnOpen public void onOpen(Session session) { HttpSession httpSession = (HttpSession) session.getUserProperties().get(httpSessionObject); } It ain't pretty. IMO, it was a serious design flaw in the spec not to provide ways to get the HttpSession and Cookies from

Tomcat 8 Websocket API - Cookies Headers

I'm trying to figure out how to get access to the cookies and headers passed up in the Websocket handshake request on Tomcat 8. In Tomcat 7 the whole HttpServletRequest was passed into the WebSocketServlet. createWebSocketInbound method so it was easy to grab from the request headers. In Tomcat 8

Re: Tomcat 8 Websocket API - Cookies Headers

On Fri, Aug 23, 2013 at 2:58 AM, toddfas todd...@gmail.com wrote: I'm trying to figure out how to get access to the cookies and headers passed up in the Websocket handshake request on Tomcat 8. In Tomcat 7 the whole HttpServletRequest was passed into the WebSocketServlet

Re: secure cookies

On Tue, Jul 30, 2013 at 9:39 PM, Jeffrey Janner jeffrey.jan...@polydyne.com wrote: -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Monday, July 29, 2013 8:21 PM To: Tomcat Users List Subject: Re: secure cookies -BEGIN PGP SIGNED

Re: secure cookies

On Tue, Jul 30, 2013 at 6:51 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jeffrey, On 7/29/13 4:09 PM, Jeffrey Janner wrote: Thanks for the verification, Mark. I was under the impression you'd only want to [set

Re: secure cookies

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Prafull, On 7/30/13 9:44 AM, Prafull wrote: On Tue, Jul 30, 2013 at 6:51 AM, Christopher Schultz ch...@christopherschultz.net wrote: Jeffrey, On 7/29/13 4:09 PM, Jeffrey Janner wrote: Thanks for the verification, Mark. I was under the

  1   2   3   4   >