On 08/06/2010 20:27, antongiuli...@gmail.com wrote: > Hi, > > I have a webapp (Spring+Hibernate) running on Tomcat 5.5.15. Tomcat is > configured for Single-Sign-On and it works fine with the login system of the > application (typical login/password).
You should really make a plan to upgrade Tomcat promptly, that version is seriously old and there have been another 14 version releases since then, with many bug and security fixes. p > Anyway at the moment it's not well working when an external link is executed > from a Word file (Microsoft Office 2003/2007 - more info here: > http://support.microsoft.com/kb/899927). > Basically when the link requires a protected page, normally the user is > redirected to the login page and, after a successful login, the page should > be displayed. But it happens only if the user Copy&Paste the link on the > browser URL bar. Instead, if he clicks on the Word file after the login, he > is redirected to the default home page. > > I debugged the application, browser cookies and http sessions and it looks > like another session is created: > > 1) when the link is sent ("200") to the application > 2) it returns "302" http status and JSESSIONID (strangely this value is > always the same) > 2) Word requires connection again ("200") > 3) A new JSESSIONID cookie is created differently from the 1) and returns > "200" > > the changed session of course cause of the application fails the redirection > after login. > > How can I configure Tomcat to make it work with this kind of connection and > keeping on work with the usual login via browser? > > Thanks, > Julio > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org >
signature.asc
Description: OpenPGP digital signature
