tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From iainmac <iain_macau...@hotmail.com>
Subject Re: 6.0.24 SSL Session always New
Date Fri, 19 Feb 2010 18:46:31 GMT

Thanks I think it must be something to do with that.

Eric Lenio-5 wrote:
> 
> On Fri, Feb 19, 2010 at 12:02:18PM +0000, iainmac wrote:
>> 
>> Hi,
>> 
>> I have just moved from 5.0.18 to 6.0.24 using JSSE for SSL.
>> 
>> I have a web application that checks for a current session, and if there
>> isn't one it sends the user to a login screen.  This is working fine from
>> Explorer as it did before in the previous version of Tomcat, but it keeps
>> saying the session is new in Firefox, Safari and Chrome.
>> 
>> In the jsp, this keeps taking me back to the login screen...
>> 
>> 	if (session.getAttribute("userName")==null){
>> 		response.sendRedirect("login.jsp");
>> 		return;
>> 	}
>> 	
>> Why would Explorer work and the others not?
>> 
>> Thanks,
>> 
>> Iain
> 
> You might want to review new protection Tomcat has against session
> fixation, which was done in 6.0.21.
> 
> http://issues.apache.org/bugzilla/show_bug.cgi?id=45255
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> 

-- 
View this message in context: http://old.nabble.com/6.0.24-SSL-Session-always-New-tp27652568p27658593.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message