tomcat-users mailing list archives

From David Smith
Subject Re: Moving from a very old Tomcat to a new Tomcat.
Date Fri, 23 May 2008 22:53:32 GMT
So if I have this right, the sequence is:

1. Log in to the unsecure http site
2. Click on a https secure link
3. You get a second login.

If that's the case, you should change things so people get moved to the
secure https page, log in, and are then taken back to the http unsecure
page.  Sessions created in the unsecure http protocol are not trusted by
the secure https protocol in Tomcat.  If I remember right, sessions
created in secure https are trusted by http.


Bill Davidson wrote:
> I am trying to move an old Tomcat application to a new one.  I am
> new to Tomcat administration.  This application has been around for
> a long time but due to resources, it hasn't been keeping up with
> Tomcat releases.  However, it's becoming clear that it's time to get
> more up to date to take advantage of the features in the newer
> Tomcat (like a newer JSP standard, clustering, improved security
> etc) so I've been tasked with getting our old software running on
> newer servers.
> Old:
>    Tomcat 3.2.4
>    Apache web server 1.3.34 + ssl (using Apache SSL) and mod_jk
>    Java 1.4.2.
>    Redhat 7.0 Release 1
> New:
>    Tomcat 6.0.16
>    Apache web server 2.2.8 (using mod_ssl obviously) and mod_jk
>    Java 1.6.0_06
>    Redhat 5Server Release (64-bit)
> The class files are still being compiled with Java 1.4.2 and it's still
> using the old libraries.  I'm dropping the webapp into the webapps
> directory.  Non-servlet/jsp files are being served by Apache web server.
> I picked up a copy of "Tomcat: The Definitive Guide" 2nd Edition by
> Brittain & Darwin and have found it very helpful.
> I've mostly got it working but there is some oddness with sessions at
> login time that I haven't quite figured out.  It may also be an Apache
> web server problem.  I'm not sure.  I think it may have to do with the
> transition between non-SSL to SSL when I login.  Apache has a main host
> on myHost.myDomain:80 and a VirtualHost for
> I think that might be part of my problem.
> For some reason I end up having to log in twice because the session
> doesn't get recognized initially (though the second time, it tells me I'm already
> logged in).  After that, the app works fine but the double login thing
> is annoying.  I'm not sure if it's my app's fault or my configuration.
> BTW, this app is huge and has been around for about 8 years but I've
> only been working with it for about 5 months.
> Does anyone have any pointers to which configuration directives I should
> be looking for?
> When Apache switches you from its main host to one of its virtual hosts,
> does it change the session id or is that completely unrelated to the
> session id in Tomcat?