tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From iainmac <>
Subject Re: 6.0.24 SSL Session always New
Date Fri, 19 Feb 2010 18:50:19 GMT

Hi yes you are right, but I add it when I get a new validated session, so it
should be there, in effect for my code, it's he same thing.  This worked
fine for all browsers with 5.0.28, stopped working for all but MSIE from
6.0.20.  I think its a change as mentioned by the other kind respondent,
although if anyone knows why its not consistent across all browsers please
let me know.


awarnier wrote:
> iainmac wrote:
>> Hi,
>> I have just moved from 5.0.18 to 6.0.24 using JSSE for SSL.
>> I have a web application that checks for a current session, and if there
>> isn't one it sends the user to a login screen.  This is working fine from
>> Explorer as it did before in the previous version of Tomcat, but it keeps
>> saying the session is new in Firefox, Safari and Chrome.
>> In the jsp, this keeps taking me back to the login screen...
>> 	if (session.getAttribute("userName")==null){
>> 		response.sendRedirect("login.jsp");
>> 		return;
>> 	}
>> Why would Explorer work and the others not?
> Hi.
> I am being a bit adventurous here considering my knowledge of Java and 
> JSP, but it seems to me that the test above does not really check 
> whether there is or not a session; it checks whether the attribute 
> "userName" of the session is defined.  That may be a different thing.
> Other than that, assuming the above is correct, and assuming that the 
> server side is always the same, and only the browser changes,..
> - settings different in the different browsers ? (like IE allows 
> cookies, the other ones not ?)
> - you are within a Windows network, and some Windows authentication 
> mechanism plays a role when you use IE, and not when you use the other 
> browsers ?
> You should probably provide more information about your setup, to allow 
> people here to make more informed guesses. Like
> - under what OS is Tomcat running ?
> - what kind of authentication does your webapp use ? (WEB-INF/web.xml)
> - are you accessing Tomcat directly, or through another webserver and a 
> connector ?
> - the settings of your SSL connector ? (passwords etc. removed)
> - what do the logs say ?
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

View this message in context:
Sent from the Tomcat - User mailing list archive at

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message