tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Decker <MDec...@tesis.de>
Subject Re: Tomcat 5.5 / Apache 2 / Join (Tomcat-) Session with SSL-Session / Which mod should be used?
Date Fri, 19 May 2006 11:08:27 GMT
	Hi!

>> 1.) Which mod should I use?
> mod_proxy (is a supporting library in apache, which I think you need to
> load in order to use mod_proxy_ajp or mod_proxy_xyzanything).

The advantage seems to be, that it's easier to configure.

>> 2.) How to join application and SSL session?
>> I've read in an old tomcat-apache-ssl documentation [5] that mod_jk is
>> able to forward SSL session information to tomcat. So I wonder, how
>> configure tomcat using ssl session as application session.
> 
> If you are front ending with apache, then you want mod_ssl.  If you are
> using mod_ssl it will handle the SSL session.

Yes of cause... You're right...

> The AJP protocol will convery the SSL information to tomcat fairly
> seamlessly, the idea being from the web-app's point of view it can't
> tell the difference between an Apache fronted HTTP session and one
> coming in via a AJP connector.

You mean, that the session will be created by apache not by tomcat?

> The AJP protocol is not secure from traffic snooping or secure again
> pirate connections hijacking it directly, if you intend to run both on
> the same machine I suggesting making Tomcat listen on 127.0.0.1:8007.

Yes, that is, what I'm going to do.

My problem is, that the application session (set by cookie or url
parameter) is not associated with the SSL session. And I hope, there is
an easy way to that.

Thanks a lot,
	Michael

-- 
Michael Decker                      Michael.Decker@tesis.de
TESIS SYSware GmbH                      http://www.tesis.de
Baierbrunnerstr. 15 * 81379 Muenchen * Tel. +49 89 747377-0


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message