Thanks I think it must be something to do with that.
Eric Lenio-5 wrote:
>
> On Fri, Feb 19, 2010 at 12:02:18PM +0000, iainmac wrote:
>>
>> Hi,
>>
>> I have just moved from 5.0.18 to 6.0.24 using JSSE for SSL.
>>
>> I have a web application that checks for a current session, and if there
>> isn't one it sends the user to a login screen. This is working fine from
>> Explorer as it did before in the previous version of Tomcat, but it keeps
>> saying the session is new in Firefox, Safari and Chrome.
>>
>> In the jsp, this keeps taking me back to the login screen...
>>
>> if (session.getAttribute("userName")==null){
>> response.sendRedirect("login.jsp");
>> return;
>> }
>>
>> Why would Explorer work and the others not?
>>
>> Thanks,
>>
>> Iain
>
> You might want to review new protection Tomcat has against session
> fixation, which was done in 6.0.21.
>
> http://issues.apache.org/bugzilla/show_bug.cgi?id=45255
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
>
--
View this message in context:
http://old.nabble.com/6.0.24-SSL-Session-always-New-tp27652568p27658593.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
