On Fri, Feb 19, 2010 at 12:02:18PM +0000, iainmac wrote: > > Hi, > > I have just moved from 5.0.18 to 6.0.24 using JSSE for SSL. > > I have a web application that checks for a current session, and if there > isn't one it sends the user to a login screen. This is working fine from > Explorer as it did before in the previous version of Tomcat, but it keeps > saying the session is new in Firefox, Safari and Chrome. > > In the jsp, this keeps taking me back to the login screen... > > if (session.getAttribute("userName")==null){ > response.sendRedirect("login.jsp"); > return; > } > > Why would Explorer work and the others not? > > Thanks, > > Iain
You might want to review new protection Tomcat has against session fixation, which was done in 6.0.21. http://issues.apache.org/bugzilla/show_bug.cgi?id=45255 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org