Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 68588 invoked from network); 10 Jan 2006 03:08:46 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 10 Jan 2006 03:08:46 -0000 Received: (qmail 53369 invoked by uid 500); 10 Jan 2006 03:08:32 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 53355 invoked by uid 500); 10 Jan 2006 03:08:32 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 53344 invoked by uid 99); 10 Jan 2006 03:08:32 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 09 Jan 2006 19:08:32 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: domain of jak-tomcat-user@m.gmane.org designates 80.91.229.2 as permitted sender) Received: from [80.91.229.2] (HELO ciao.gmane.org) (80.91.229.2) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 09 Jan 2006 19:08:30 -0800 Received: from list by ciao.gmane.org with local (Exim 4.43) id 1Ew9rf-0000rQ-JS for users@tomcat.apache.org; Tue, 10 Jan 2006 04:08:04 +0100 Received: from pool-71-107-253-97.lsanca.dsl-w.verizon.net ([71.107.253.97]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 10 Jan 2006 04:08:03 +0100 Received: from wbarker by pool-71-107-253-97.lsanca.dsl-w.verizon.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 10 Jan 2006 04:08:03 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: users@tomcat.apache.org From: "Bill Barker" Subject: Re: AW: JSessionID Date: Mon, 9 Jan 2006 19:08:19 -0800 Lines: 61 Message-ID: References: <10361639FF4CA04ABB30F54683E4FB850614A679@exchange2.home.zooplus.de> <43C298CA.4040802@ptc.com> X-Complaints-To: usenet@sea.gmane.org X-Gmane-NNTP-Posting-Host: pool-71-107-253-97.lsanca.dsl-w.verizon.net X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2900.2180 X-RFC2646: Format=Flowed; Response X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Sender: news X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N "Jess Holle" wrote in message news:43C298CA.4040802@ptc.com... > Conveying servlet sessions by SSL session is clearly not required by the > spec, though... > > I'm not sure whether Tomcat supports this... > It doesn't (mostly because nobody has been interested enough to write the code for it). > Bernhard Slominski wrote: > >>Hi, >> >>I just looked it up in the spec and there is a 3rd one as well: SSL >>Sessions >> >>>>From the Servlet spec: >> >>"SRV.7.1 Session Tracking Mechanisms >>The following sections describe approaches to tracking a user's sessions >> >>SRV.7.1.1 Cookies >>Session tracking through HTTP cookies is the most used session tracking >>mechanism and is required to be supported by all servlet containers. >>The container sends a cookie to the client. The client will then return >>the >>cookie on each subsequent request to the server, unambiguously associating >>the >>request with a session. The name of the session tracking cookie must be >>JSESSIONID. >> >>SRV.7.1.2 SSL Sessions >>Secure Sockets Layer, the encryption technology used in the HTTPS >>protocol, >>has a >>built-in mechanism allowing multiple requests from a client to be >>unambiguously >>identified as being part of a session. A servlet container can easily use >>this data to >>define a session. >> >>SRV.7.1.3 URL Rewriting >>URL rewriting is the lowest common denominator of session tracking. When a >>client will not accept a cookie, URL rewriting may be used by the server >>as >>the basis >>for session tracking. URL rewriting involves adding data, a session ID, to >>the URL >>path that is interpreted by the container to associate the request with a >>session. >>The session ID must be encoded as a path parameter in the URL string. The >>name of the parameter must be jsessionid. >>..." >> --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org