tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sven Bovin" <>
Subject Session tracking with Apache 2.0.x + Tomcat 4.0.x/4.1.x + mod_jk 1.2.x
Date Fri, 14 Jan 2005 10:48:21 GMT
We have a webapp running on Tomcat 4.0.x/4.1.x behind
an Apache web server. Apache and Tomcat talk to each
other using mod_jk 1.2.x (we have several installations
with different versions of Apache, Tomcat and mod_jk).
Users connect to the webapp via Apache over SSL and we
use a custom authentication mechanism that is not
related to Tomcat or Apache authentication (using a
transaction on a separate server).

I have been asked to investigate the possibility of
using session tracking based on the SSL session (as
per the 2.3 Java servlet specification). Would that
be possible in our setup ?  My main concern would be
that the SSL session would not be known to Tomcat
because of the Apache "front end" (which we can't do
without without completely refactoring our app).



Sven Bovin

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message