-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
To whom it may concern,
On 1/15/2011 7:36 AM, spr...@gmx.eu wrote:
Well, saying you use Form auth was misleading, wasn't it?
Is called FormAuth in Spring too.
While that may be true, simply stating that you are using FORM
authentication usually
On 14/01/2011 23:15, spr...@gmx.eu wrote:
Are you unable to retrieve the new session id?
This is all done magically by the Applet-Java-Runtime.
Programmatic login is now possible in Servlet 3.0, would this help?
I know, but the applet does NOT know the credentials.
The behaviour is
The behaviour is configurable. Set the changeSessionIdOnAuthentication
attribute to false on the FORM authenticator valve
Hm, ok. I do not use tomcat's auth mechanisms. I use spring security.
Something must have changed between TC 6.0 and 7.0. And I have no idea
what...
On 15/01/2011 09:59, spr...@gmx.eu wrote:
The behaviour is configurable. Set the changeSessionIdOnAuthentication
attribute to false on the FORM authenticator valve
Hm, ok. I do not use tomcat's auth mechanisms. I use spring security.
Something must have changed between TC 6.0 and 7.0. And I
Hm, ok. I do not use tomcat's auth mechanisms. I use spring
security.
Something must have changed between TC 6.0 and 7.0. And I
have no idea
what...
As has already been explained, the session ID changes on
authentication.
What do you mean with authentication? I do NOT use tomcat's
On 1/15/11 11:00 AM, spr...@gmx.eu wrote:
Hm, ok. I do not use tomcat's auth mechanisms. I use spring
security.
Something must have changed between TC 6.0 and 7.0. And I
have no idea
what...
As has already been explained, the session ID changes on
authentication.
What do you mean
Well, saying you use Form auth was misleading, wasn't it?
Is called FormAuth in Spring too.
If you're using Spring Security maybe your question would be better
addressed to one of the Spring forums?
Hm. But it works in TC 6.0 with the same version of spring.
Are you unable to retrieve the
I have a web app where the user logs in and starts an applet
which uploads a file and then opens a page in the browser. I
use Java 1.6_16.
When I do this in TC 6.0.13 the session-ID stays the same
after login. Fine.
When I do this in TC 7.0.5 the session-ID changes when the
applet
On 15/01/2011 16:39, spr...@gmx.eu wrote:
I have a web app where the user logs in and starts an applet
which uploads a file and then opens a page in the browser. I
use Java 1.6_16.
When I do this in TC 6.0.13 the session-ID stays the same
after login. Fine.
When I do this in TC 7.0.5 the
You will also need to set useHttpOnly=false on the Context. For
security, Tomcat sets the httpOnly flag on the cookie if
either of these
are true.
Uh... Where is this documented? I was already looking for it...
Thank you!
On 15/01/2011 16:55, spr...@gmx.eu wrote:
You will also need to set useHttpOnly=false on the Context. For
security, Tomcat sets the httpOnly flag on the cookie if
either of these
are true.
Uh... Where is this documented? I was already looking for it...
the useHttpOnly flag is documented
The interaction between the settings isn't documented as far as I
recall. (Patches welcome)
Can I patch it?
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail:
On 1/15/11 5:45 PM, spr...@gmx.eu wrote:
The interaction between the settings isn't documented as far as I
recall. (Patches welcome)
Can I patch it?
The docs are patchable, yes. Find them in Tomcat's SVN - create a diff
and attach it to a bug report in bugzilla.
p
0x62590808.asc
Hi,
I have a web app where the user logs in and starts an applet which uploads a
file and then opens a page in the browser. I use Java 1.6_16.
When I do this in TC 6.0.13 the session-ID stays the same after login. Fine.
When I do this in TC 7.0.5 the session-ID changes when the applet starts to
On 1/14/11 8:12 PM, spr...@gmx.eu wrote:
Hi,
I have a web app where the user logs in and starts an applet which uploads a
file and then opens a page in the browser. I use Java 1.6_16.
When I do this in TC 6.0.13 the session-ID stays the same after login. Fine.
When I do this in TC 7.0.5
What are you using the session id for?
I use form auth. Subsequent calls after a successful login in the same
session are not authenticated again.
This is standard I would say.
Don't rely on the session id remaining the same.
Then the applet has to know the user credentials and has to post to
On 1/14/11 10:13 PM, spr...@gmx.eu wrote:
What are you using the session id for?
I use form auth. Subsequent calls after a successful login in the same
session are not authenticated again.
This is standard I would say.
Are you unable to retrieve the new session id?
Don't rely on the
Are you unable to retrieve the new session id?
This is all done magically by the Applet-Java-Runtime.
Programmatic login is now possible in Servlet 3.0, would this help?
I know, but the applet does NOT know the credentials.
18 matches
Mail list logo