Don't assume your SSL session or connection hasn't been invalidated just 
because you aren't asked to choose a certificate from your browser certs when 
you log in again.  In our system (Tomcat 5.5.33), I know that our HTTP session 
and Single Sign-on session are invalidated upon logout, and we see similar 
behavior (no need to select certificate) upon re-login because the browser 
caches the user's certificate choice (and smart card PIN).  Is your session ID 
the same when you go back in?  

If you are using IE and you want to clear the browser cache to select another 
certificate, go to Tools->Internet Options, select Content tab, and click Clear 
SSL state. 

-----Original Message-----
[] On 
Behalf Of Jürgen Jakobitsch
Sent: Tuesday, September 06, 2011 3:12 PM
To: Tomcat Users List
Subject: Re: SSLSession invalidate

thanks mark,

if i understand you correct, it is simply NOT possible to invalidate the 
SSLSession of which i can get the id with 
(it works with this key in 6.0.32)

wkr turnguard

----- Original Message -----
From: "Mark Thomas" <>
To: "Tomcat Users List" <>
Sent: Wednesday, September 7, 2011 12:08:29 AM
Subject: Re: SSLSession invalidate

On 06/09/2011 22:42, Jürgen Jakobitsch wrote:
> apparently there is one, i can get it's id with 
> request.getAttribute("javax.servlet.request.ssl_session")

That is a Tomcat bug it should be javax.servlet.request.ssl_session_id

> in tomcat7 there's the possibility to use SSLSessionManager to 
> invalidate SSLSession, so i'm doing a wild guess, that something similar has 
> to be possible with tomcat6 as well.

Your wild guess is wrong. That feature is in Tomcat 7 onwards.


To unsubscribe, e-mail:
For additional commands, e-mail:

| Jürgen Jakobitsch,
| Software Developer
| Semantic Web Company GmbH
| Mariahilfer Straße 70 / Neubaugasse 1, Top 8 A - 1070 Wien, Austria 
| Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22


| web   :
| foaf  :
| skype : jakobitsch-punkt

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to