tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: AW: JSessionID
Date Tue, 10 Jan 2006 03:08:19 GMT

"Jess Holle" <jessh@ptc.com> wrote in message 
news:43C298CA.4040802@ptc.com...
> Conveying servlet sessions by SSL session is clearly not required by the 
> spec, though...
>
> I'm not sure whether Tomcat supports this...
>

It doesn't (mostly because nobody has been interested enough to write the 
code for it).



> Bernhard Slominski wrote:
>
>>Hi,
>>
>>I just looked it up in the spec and there is a 3rd one as well: SSL 
>>Sessions
>>
>>>>From the Servlet spec:
>>
>>"SRV.7.1 Session Tracking Mechanisms
>>The following sections describe approaches to tracking a user's sessions
>>
>>SRV.7.1.1 Cookies
>>Session tracking through HTTP cookies is the most used session tracking
>>mechanism and is required to be supported by all servlet containers.
>>The container sends a cookie to the client. The client will then return 
>>the
>>cookie on each subsequent request to the server, unambiguously associating
>>the
>>request with a session. The name of the session tracking cookie must be
>>JSESSIONID.
>>
>>SRV.7.1.2 SSL Sessions
>>Secure Sockets Layer, the encryption technology used in the HTTPS 
>>protocol,
>>has a
>>built-in mechanism allowing multiple requests from a client to be
>>unambiguously
>>identified as being part of a session. A servlet container can easily use
>>this data to
>>define a session.
>>
>>SRV.7.1.3 URL Rewriting
>>URL rewriting is the lowest common denominator of session tracking. When a
>>client will not accept a cookie, URL rewriting may be used by the server 
>>as
>>the basis
>>for session tracking. URL rewriting involves adding data, a session ID, to
>>the URL
>>path that is interpreted by the container to associate the request with a
>>session.
>>The session ID must be encoded as a path parameter in the URL string. The
>>name of the parameter must be jsessionid.
>>..."
>> 




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message