Custom Standard Classloader

2011-11-04 Thread Paul Wilson
Hi there, I'd like to specify a custom implementation of 'StandardClassLoader' for Tomcat 6. I've written such an implementation of 'org.apache.catalina.loader.StandardClassLoader' and dropped it onto the classpath (using the Eclipse launch configuration). However, I get an error:

Cluster - No faulty members identified

2011-11-04 Thread Alexander Diedler
Hello @ll, I have two Tomcat instances (6.0.32 x64 on Windows) on the same server. Both servers make their own clustering with the other physical node independent from each other on the same machine. I get during start of the 2nd Tomcat on the same node the following error: INFO: Receiver

Re: Custom Standard Classloader

2011-11-04 Thread Mikolaj Rydzewski
On Fri, 4 Nov 2011 11:23:59 +, Paul Wilson wrote: It seems that only the lib/* jars are available at this point in time, and not bootstrap.jar. What's the correct way to override the StandardClassLoader? Just out of curiosity: what do you need it for? -- Mikolaj Rydzewski m...@ceti.pl

CsrfPreventionFilter - LRU cache

2011-11-04 Thread Pete Gould
Hi, I have recently been using the org.apache.catalina.filters.CsrfPreventionFilter, and I notice that the documentation for setNonceCacheSize states: Sets the number of previously issued nonces that will be cached on a LRU basis to support parallel requests... However, looking at the

Re: Custom Standard Classloader

2011-11-04 Thread Paul Wilson
I'm hoping to replace it with an aspect weaver. On 4 November 2011 13:13, Mikolaj Rydzewski m...@ceti.pl wrote: On Fri, 4 Nov 2011 11:23:59 +, Paul Wilson wrote: It seems that only the lib/* jars are available at this point in time, and not bootstrap.jar. What's the correct way to

Session expiration - browser -Web application

2011-11-04 Thread Léa Massiot
Hello, Thank you for reading my post. Maybe my question is not purely related to Tomcat but here is my problem: - a user logs into my Webapp; - his session expires; - if he: - presses the F5 key (browser refresh functionality), - goes back to the previous screen using the browser go

Re: Session expiration - browser -Web application

2011-11-04 Thread Tim Watts
On Fri, 2011-11-04 at 07:16 -0700, Léa Massiot wrote: Hello, Thank you for reading my post. Maybe my question is not purely related to Tomcat but here is my problem: - a user logs into my Webapp; - his session expires; - if he: - presses the F5 key (browser refresh functionality),

Re: Session expiration - browser -Web application

2011-11-04 Thread Léa Massiot
@Tim : Thank you for your answer. [Tim wrote:] Uncertain is a bit vague. Yes. Ok. This is my understanding which is uncertain then. What happens is what you wrote: a new session for the user with _none_ of the objects from the old session in it. [Tim wrote:] If every page in the web app is

Re: CsrfPreventionFilter - LRU cache

2011-11-04 Thread Christopher Schultz
Pete, On 11/4/11 9:14 AM, Pete Gould wrote: I have recently been using the org.apache.catalina.filters.CsrfPreventionFilter, and I notice that the documentation for setNonceCacheSize states: Sets the number of previously issued nonces that will

Re: Custom Standard Classloader

2011-11-04 Thread Christopher Schultz
Paul, On 11/4/11 7:23 AM, Paul Wilson wrote: I'd like to specify a custom implementation of 'StandardClassLoader' for Tomcat 6. I've written such an implementation of 'org.apache.catalina.loader.StandardClassLoader' and dropped it onto the

Re: CsrfPreventionFilter - LRU cache

2011-11-04 Thread Pete Gould
Hi, Okay, great. I guess that I should raise a bug for this then. The reason that I think that add() needs to change is that it used to be: cache.put(key, null); and therefore cache.contains() would return null as it would have to change to use get(). This is because we can no longer use

Re: Session expiration - browser -Web application

2011-11-04 Thread Christopher Schultz
Léa, On 11/4/11 12:04 PM, Léa Massiot wrote: @Tim : Thank you for your answer. [Tim wrote:] Uncertain is a bit vague. Yes. Ok. This is my understanding which is uncertain then. What happens is what you wrote: a new session for the user with

Re: CsrfPreventionFilter - LRU cache

2011-11-04 Thread Christopher Schultz
Pete, On 11/4/11 1:06 PM, Pete Gould wrote: Okay, great. I guess that I should raise a bug for this then. The reason that I think that add() needs to change is that it used to be: cache.put(key, null); and therefore cache.contains() would

Re: Session expiration - browser -Web application

2011-11-04 Thread Léa Massiot
@Christopher : Thank you for your answer. Christopher wrote: The new session created is completely empty. It has nothing to do with the user going back in the history, etc. No, you are right. What I meant is that I was/am managing session expiration inside the Webapp (for instance if the

Re: Session expiration - browser -Web application

2011-11-04 Thread Tim Watts
On Fri, 2011-11-04 at 13:07 -0400, Christopher Schultz wrote: On 11/4/11 12:04 PM, Léa Massiot wrote: SNIP I would basically echo what Chris said. [Tim wrote:] I'm assuming (perhaps incorrectly) you've already got some declaration in there for form authentication? What are you thinking

Re: CsrfPreventionFilter - LRU cache

2011-11-04 Thread Mark Thomas
On 04/11/2011 13:14, Pete Gould wrote: Hi, I have recently been using the org.apache.catalina.filters.CsrfPreventionFilter, and I notice that the documentation for setNonceCacheSize states: Sets the number of previously issued nonces that will be cached on a LRU basis to support parallel

Re: Session expiration - browser -Web application

2011-11-04 Thread Tim Watts
Léa, Life needn't be this difficult. :-) You're reinventing wheels here instead of understanding how the wheels you already have work. Again, read the spec. Pretty please. So many questions will be answered. On Fri, 2011-11-04 at 11:55 -0700, Léa Massiot wrote: @Christopher : Thank you

Re: CsrfPreventionFilter - LRU cache

2011-11-04 Thread Francis GALIEGUE
On Fri, Nov 4, 2011 at 20:23, Mark Thomas ma...@apache.org wrote: [...] I think the thing to do here is to work out what the 'best' solution is and fix the docs/code accordingly. I think LRU is the way to go in which case the current code needs fixing. I see more arguments for the LRU case:

Re: Custom Standard Classloader

2011-11-04 Thread Pid *
On 4 Nov 2011, at 11:24, Paul Wilson paulalexwil...@gmail.com wrote: Hi there, I'd like to specify a custom implementation of 'StandardClassLoader' for Tomcat 6. Why? I've written such an implementation of 'org.apache.catalina.loader.StandardClassLoader' and dropped it onto the

Re: Session expiration - browser -Web application

2011-11-04 Thread Pid *
On 4 Nov 2011, at 19:24, Tim Watts t...@cliftonfarm.org wrote: Léa, Life needn't be this difficult. :-) You're reinventing wheels here instead of understanding how the wheels you already have work. Again, read the spec. Pretty please. So many questions will be answered. +1 JSP != PHP

Vulnerability Remediation

2011-11-04 Thread Brendan P Keenan
It has been identified to me by our security group that my Apache Tomcat 6.0.33 has the following vulnerability CVE-2011-3190. There is a link on the Apache Tomcat 6.0 Security page to http://svn.apache.org/viewvc?view=revision&revision=1162959 as a patch. The link lists three files:

Re: Session expiration - browser -Web application

2011-11-04 Thread Léa Massiot
Héhé. No comment. Have a good week-end and cheers, -- Léa

Re: Vulnerability Remediation

2011-11-04 Thread Daniel Mikusa
Brendan, The link is a list of the files that were modified to fix the vulnerability. These files can be used to patch the source code for Tomcat. After patching the source code, you would then need to recompile it and update your Tomcat installation with the recompiled binaries. In my

Re: Vulnerability Remediation

2011-11-04 Thread Konstantin Kolinko
2011/11/5 Brendan P Keenan bkee...@csc.com: It has been identified to me by our security group that my Apache Tomcat 6.0.33 has the following vulnerability CVE-2011-3190. There is a link on the Apache Tomcat 6.0 Security page to http://svn.apache.org/viewvc?view=revision&revision=1162959 as a