tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Johnny Kewl" <>
Subject Re: tomcat with jcaptcha
Date Mon, 07 Jul 2008 13:07:05 GMT

----- Original Message ----- 
From: "Johnny Kewl" <>
To: "Tomcat Users List" <>
Sent: Monday, July 07, 2008 2:53 PM
Subject: Re: tomcat with jcaptcha

> ----- Original Message ----- 
> From: "WILLIAMer" <>
> To: <>
> Sent: Monday, July 07, 2008 5:51 AM
> Subject: tomcat with jcaptcha
>> Hi! all,
>> I have an application named "eCom" unnder the tomcat/webapps and using
>> jcatpcha with the login page.
>> I set the eCom becomes the root dir(path) with the server.xml.
>> So, http://myDomain/ will equal http://myDomain/eCom/.
>> And its seems ok and work with every page.
>> But there is an error when I try to login. The jcaptcha give me an
>> exception.
>> "com.octo.captcha.service.CaptchaServiceException: Invalid ID, could not
>> validat
>> e unexisting or already validated captcha"
>> So i try another login page with the http://myDomain/eCom/, but its work
>> fine.
>> In fact , the login page is the same.
>> I think "http://myDomain/Login.jsp" and "http://myDomain/eCom/Login.jsp" 
>> is
>> the same.
>> Because i set the dir "eCom" become my root dir.
>> I dont know how this error cause?
>> I try to google this exception , but no one likes me.
> Ha ha... you nice guy.... difficult question ;)
> Sessions dont share across webapps....
> It sounds like you making duplicate webapps in different contexts... ie 
> eCom, ROOT
> Session will *not* move across....
> Its easier to REDIRECT from ROOT to ecom/login.
> Not have two webapps
> If you *have to* try share sessions, then read about...
> <Connector port="8080"   and the... emptySessionPath="true"
> This will make "browser cookies" come back to all webapp.... not a good 
> thing... slow
> Then read up on
> <Context  and the.... crossContext="true"
> This allows one to pass data between webapps... so you can call across 
> from one webapp to another and get captcha ID...
> This is all more complicated than being Robert Mugabe's psychiatrist 
> ;).... but google on this and you will learn...
> If using Tomcat security... not possible to move authorization from one 
> webapp to another....

Actually ... I'm wrong here TC has a Single Sign On Valve...
So read about this as well...

> Also read up on singletons... ie sharing data in common/lib.... its 
> another way to share data across webapps.... and probably the best way if 
> combined with you make your own path-less "/" cookie and use that....
> So you can have one webapp and one servlet generating captcha images and 
> get the ID... "check text" yourself.
> The reason browser do not send back cookie information is that if they use 
> a cookie path..... like  /webapp1 and it will not come back to /webapp2
> But cookies *can* be made pathless...
> I got my own captch software so dont know Jcaptcha... but you should ask 
> this question to the JCatcha guys... its a common problem and maybe they 
> have the answer... they have probably done it already... possibly through 
> dB/singleton/cross context/shared file ... you see its hard problem... 
> many solutions.
> You english is hard to understand.... but I thing the question is... "I 
> got one webapp with a servlet generating captcha images... for all my 
> other webapps... how to I share the "check text".... to do this I need to 
> track a cookie across contexts... can JCaptcha do it?
> .... but one thing you cant do, is just duplicate a webapp in /admin /root 
> /eCom.... and think that the security and session will work across them... 
> it wont.
> Its not so much about the way Tomcat works... its about the way *browsers 
> work*
> Good Luck...
> ps: Think about this... this is the way we do captcha...
> We generate many captcha images on disk *one time*.... the webapp picks 
> one randomly.... say image_1500.gif and sends it... and the dB knows that 
> image 1500 is "Check Me".... thats small enuf to put in all webapps and a 
> dB is happy to work across webapps.... each webapp has its own session... 
> and 5 lines of code ;)
> The whole captcha problem starts when a "different" webapp is doing the 
> "random selection"... this is also very quick, captcha takes a long time 
> to generate.... and your linux server can be headless... because captcha 
> generation needs the Java UI to work.... ;)
> ---------------------------------------------------------------------------
> The most powerful application server on earth.
> The only real POJO Application Server.
> See it in Action :
> ---------------------------------------------------------------------------

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message