Re: Apache HTTPD (with SSL) + mod_jk + TomEE (Tomcat) nullify the ssl session id

Christopher Schultz Wed, 08 Jul 2015 08:47:38 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Alex,


On 7/8/15 10:18 AM, Alex Soto wrote:
> I have tried what you mention. When SSL_Id is there both 
> request.getAttribute("javax.servlet, ....."); and 
> request.getAttribute("SSL_SESSION_ID"); returns valid sslId and in
> the same way if one is null them the other one is null too so it
> behaviour is consistent. About header approach always it is null,
> probably something in rewrite is not set in header.

That sounds like httpd isn't providing the session id.

Are you absolutely sure that all of these requests are actually HTTPS
from the client? Do you ever switch between HTTPS and HTTP?

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJVnUWVAAoJEBzwKT+lPKRYEuYQAKdxOcVmVjJI3ul57zCWys43
KOO0cQddZUnuerb3zpBKSZn8ab6KCvVCs+usULV498OAjEUOaNl2PscgNCTbT7+G
YjxvXsz3TsgDvf5tIDexEFnuteb1/zxwmxl/yREjITTl4XnSx3MHPDH7n9vBiYlO
4iHFdmSF5K3CIAKweCjBYpsQdKAaVtmrfJzdpfOnop2tIlC+vAL2w5pgHOshm18Z
dR3oOcSztev9Vws4iOYQlwc47Cg3M0bxyZ/KyIOd2IAUp0vpc8KTa2Hym388VnP+
UfnCUeAOfF2eKfk4c0aXJ3VNAkfIMJ44gG9oSI2lAChk8dbK4PE41sZ+ykHPwJgR
gXXxXbAfrdbFuav2DtWAAoEUiGQGA4YuKqJxJMQa6LOI6sJ2+TXE/CIUkRwmijRs
NkKRDGy9KW9eVsF6N7gtCsDAoL/qbu8yr01d1A6hLiofiUj3EkweNBVs2dzMmt+N
WsY2Rbr9MdmYtaEcXI+uGsM5bLWatBDMxErnMCWve0QgrGiRjREns39ixuiuWpQI
qbBMGhLajjDxtLpd2mMiqXvLLXVIHKem3bJ/lxACiSmYlw/5/gDayoHt9KYYbxEu
adJ9wGjDRlaowokEKdGFd4GVndqoiK0NPfd2lgvSpZLuUL/qwoklTdiGr6zhkvT7
T+GAJuwkYY7GSgMplLrS
=vEii
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Apache HTTPD (with SSL) + mod_jk + TomEE (Tomcat) nullify the ssl session id

Reply via email to