jakarta-cactus-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kazuhito SUGURI <suguri.kazuh...@lab.ntt.co.jp>
Subject Re: Antwort: Re: Security (using FormAuthentication) not working against WebSphere 5.1
Date Tue, 08 Jun 2004 15:14:57 GMT
Hi,

In article <OF9B869634.25DAA718-ONC1256EAD.004543C0-C1256EAD.0045D818@mn.man.de>,
Tue, 8 Jun 2004 14:42:53 +0200,
Anton_Grimm@mn.man.de wrote: 
Anton_Grimm> Do you think it is the right place to change the implementation of the
Anton_Grimm> method
Anton_Grimm>       getSecureSessionIdCookie()
Anton_Grimm> in FormAuthentication to include step3) and step4) if no cookie is found in
Anton_Grimm> step 2) ?

Yes, I think so.

But, we have no data yet.
I'm wondering if WAS is sending Set-Cookie JSESSIONID header 
only for successfully authenticated user, i.e. at step (6).
# if the session tracking can be started at step(4), why cannot at step(6)...

Please let us know when you find a new fact.

Regards,
----
Kazuhito SUGURI
mailto:suguri.kazuhito@lab.ntt.co.jp

Mime
View raw message