tomcat-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 25852] New: - Error Session Creation under SSL and switch to non-SSL
Date Thu, 01 Jan 2004 03:31:59 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25852>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25852

           Summary: Error Session Creation under SSL and switch to non-SSL
           Product: Tomcat 5
           Version: 5.0.16
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: hander3@terra.com


In order to explain the error, consider the following situation:

- Install Tomcat 5.0.16
- Set up SSL under Tomcat.
- Point the browser to https://localhost:8443/aplic/servlet/test?option=1 (SSL)

  This servlet does something like:

  HttpSession s = request.getSession(true);

  So now the session has been created, as it is the first call to the servlet.
  But just after starting the session, the servlet does something like:

  response.sendRedirect("http://localhost:8080/aplic/servlet/test?option=2"); // not SSL

  And here is the problem: the session was created under SSL, and now that we
  are NOT under SSL, when the servlet does:

  // false because the session was created when we called the servlet under SSL
  HttpSession s = request.getSession(false);

  Now the session is NULL.

So the problem is that sessions created under SSL are not valid when these
sessions are requested from non-SSL.
This didn't happen in Tomcat 4.1.27, so I suppose it is a Tomcat 5 bug.

Thank you!

Ricotta
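
The two steps in the report, written out as one servlet that also prints what the browser actually sent on the second request. This is an added example, not code from the reporter or from Tomcat; the class name and the output format are hypothetical, and the URLs are the ones given in the report.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical test servlet, assumed to be mapped to /aplic/servlet/test.
public class SessionSchemeTest extends HttpServlet {

    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        if ("1".equals(request.getParameter("option"))) {
            // Step 1, called over https://localhost:8443: create the session,
            // record the scheme it was created under, then redirect to plain HTTP.
            HttpSession created = request.getSession(true);
            created.setAttribute("createdSecure", Boolean.valueOf(request.isSecure()));
            response.sendRedirect("http://localhost:8080/aplic/servlet/test?option=2");
            return;
        }

        // Step 2, reached over http://localhost:8080: look the session up
        // without creating a new one, and report what arrived with the request.
        HttpSession s = request.getSession(false);
        response.setContentType("text/plain");
        PrintWriter out = response.getWriter();
        out.println("isSecure           = " + request.isSecure());
        out.println("requestedSessionId = " + request.getRequestedSessionId());
        out.println("idFromCookie       = " + request.isRequestedSessionIdFromCookie());
        out.println("idValid            = " + request.isRequestedSessionIdValid());
        out.println("getSession(false)  = " + (s == null ? "null" : s.getId()));

        // Reading the output:
        // requestedSessionId == null: the browser sent no session id on the
        //   HTTP request. A cookie that was set with the Secure attribute is
        //   never sent over http://, which produces exactly this result.
        // requestedSessionId != null and idValid == false: the id arrived but
        //   the server had no live session for it.
        if (s != null) {
            out.println("createdSecure      = " + s.getAttribute("createdSecure"));
        }
    }
}
```

Comparing this output with the Set-Cookie header returned by the first (HTTPS) response shows whether the session id was withheld by the browser or rejected by the server.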
