httpd-users mailing list archives

From Melanie Pfefer <melanie_pfe...@yahoo.co.uk>
Subject Re: [users@httpd] apache does not preserve user session of tomcat
Date Mon, 21 Apr 2008 14:16:40 GMT
hi Krist,


In LiveHTTPHeaders:

Set-Cookie: JSESSIONID=2637CA3EADF9422597DF276AE1846E55; Path=/abc; Secure

So I guess this means that the session is "secure", and from what you have said, the browser
cannot send this cookie over http.

If the above reasoning is true, what are the alternatives?
thanks in advance



--- On Mon, 21/4/08, Krist van Besien <krist.vanbesien@gmail.com> wrote:

> From: Krist van Besien <krist.vanbesien@gmail.com>
> Subject: Re: [users@httpd] apache does not preserve user session of tomcat
> To: users@httpd.apache.org, melanie_pfefer@yahoo.co.uk
> Date: Monday, 21 April, 2008, 4:09 PM
> On Mon, Apr 21, 2008 at 2:21 PM, Melanie Pfefer
> <melanie_pfefer@yahoo.co.uk> wrote:
> 
> > Before editing httpd.conf, on the tomcat side: how to set the correct cookiedomain in the webapp?
> 
> How to set this in the webapp I can't know, as I'm not a webapp
> specialist. But I have to deal with similar problems you have all the
> time.
> What I'd suggest is look at what exactly the server sends, and what
> the browser does with it. You can use firefox, and an extension like
> LiveHTTPHeaders to see exactly what gets sent by the server and by the
> browser. This will allow you to see what the cookie looks like that gets
> sent.
> There is another thing I remembered. You are proxying http to https.
> Now it is possible that the cookie that your tomcat generates (and
> passes to the browser) is a "secure" cookie. Some java webapps do this
> by default if accessed over https. A browser will never send such a
> cookie over a non-secure connection. So if you access your webapp via
> your apache server the browser gets its cookie, but never sends it
> back, on subsequent requests, so the session info gets lost. You can
> verify this using LiveHTTPHeaders.
> 
> Krist
> 
> -- 
> krist.vanbesien@gmail.com
> krist@vanbesien.org
> Bremgarten b. Bern, Switzerland
> --
> A: It reverses the normal flow of conversation.
> Q: What's wrong with top-posting?
> A: Top-posting.
> Q: What's the biggest scourge on plain text email discussions?
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
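
An added example, not part of the original thread: it feeds the `Set-Cookie` header quoted in the message to Python's standard `http.cookiejar` and shows which follow-up requests would carry the session cookie. The host `www.example.com`, the URLs and the helper names are assumptions made for the illustration.

```python
import http.cookiejar
import urllib.request
from email.message import Message

# Header exactly as quoted from LiveHTTPHeaders in the message above.
SET_COOKIE = "JSESSIONID=2637CA3EADF9422597DF276AE1846E55; Path=/abc; Secure"


class _Response:
    """Minimal stand-in for an HTTP response: CookieJar only calls info()."""

    def __init__(self, set_cookie):
        self._headers = Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def cookie_sent(set_cookie, set_url, next_url):
    """Store the cookie received from set_url, then return the Cookie
    header a client would attach to next_url (None if it is withheld)."""
    jar = http.cookiejar.CookieJar()
    jar.extract_cookies(_Response(set_cookie), urllib.request.Request(set_url))
    follow_up = urllib.request.Request(next_url)
    jar.add_cookie_header(follow_up)
    return follow_up.get_header("Cookie")


if __name__ == "__main__":
    # www.example.com is a placeholder host (assumption, not from the thread).
    front = "http://www.example.com/abc/login"  # client -> Apache over plain http
    for url in ("http://www.example.com/abc/cart",    # withheld: Secure flag
                "https://www.example.com/abc/cart",   # sent
                "https://www.example.com/other"):     # withheld: outside Path=/abc
        print(url, "->", cookie_sent(SET_COOKIE, front, url))
```

The first case is the one described in the thread: the cookie is stored, but it is never attached to a later plain-http request, so the backend sees no session.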

