Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Received-SPF: pass (athena.apache.org: domain of barbarasv@di.uminho.pt
 designates 193.136.19.24 as permitted sender)
From: =?iso-8859-1?Q?B=E1rbara_Vieira?= <barbarasv@di.uminho.pt>
To: "'Tomcat Users List'" <users@tomcat.apache.org>
References: <001801c83375$98a96e50$c9fc4af0$@uminho.pt>
 		<47506170.6070202@hanik.com>
 	<BAY108-DAV1073EFED8F48463E3BD803AE710@phx.gbl>
 	<000001c833ae$656dcd40$304967c0$@uminho.pt>
 <2828B04F0113CD468E6D1D51DF4362A404187B14@USEA-EXCH2.na.uis.unisys.com>
In-Reply-To: 
 <2828B04F0113CD468E6D1D51DF4362A404187B14@USEA-EXCH2.na.uis.unisys.com>
Subject: RE: SSL Session expires every request
Date: Sat, 1 Dec 2007 14:43:07 -0000
Message-ID: <000001c83428$7d8edcf0$78ac96d0$@uminho.pt>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Thread-Index: AcgzpceEQ/uMlEgCSJuoYN3UY1YqRAAB7rXgAADmg2AAHUYLwA==
Content-Language: pt

Hi Chuck!
That's what I'm doing :

- I had implemented a valve that extends FormAuthenticator to provide 2
authentications methods at the same time : FORM and CLIENT_CERT.

- Until this week everything worked fine : I can authenticate the users =
with
2 authentications methods, and the session is maintained. Yesterday, =
when I
try to accede to HttpSession in Servlets, what's happen was: when the =
user
is authenticated using FORM method, HttpSession isn't null in servlets,
neither internal session(Session) in valve. However, when the user is
authenticated using a CERT, all the sessions are null : HttpSession in
Servlets and Session(Internal Session) in my Valve.

- Well, I thought that the problem was in my valve, so I disable my =
valve,
and in my web application I configured only one authentication method -
CLIENT_CERT. However, the HttpSession was still null.

- The strange thing is that everything works fine - I can authenticate =
the
user using CLIENT_CERT method, and retrieve to him the requested URL and =
I
have access to Principal in the HttpServletRequest object. But, when =
there
is no session.=20

- I had checked if the browsers accept cookies too, and it accepts.

Do you have any idea of what's happen?!
Thanks,
Regards from Braga, Portugal
B=E1rbara Vieira
 =20

-----Original Message-----
From: Caldarale, Charles R [mailto:Chuck.Caldarale@unisys.com]=20
Sent: s=E1bado, 1 de Dezembro de 2007 00:30
To: Tomcat Users List
Subject: RE: SSL Session expires every request

> From: B=E1rbara Vieira [mailto:barbarasv@di.uminho.pt]=20
> Subject: RE: SSL Session expires every request
>=20
> HttpSession wasn't null in the beginning, when I started
> my implementation. However, now is null in every request.

How are you retrieving the session?  A code sample would be good.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you =
received
this in error, please contact the sender and delete the e-mail and its
attachments from all computers.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org