tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: 6.0.24 SSL Session always New
Date Fri, 19 Feb 2010 12:25:47 GMT
iainmac wrote:
> Hi,
> I have just moved from 5.0.18 to 6.0.24 using JSSE for SSL.
> I have a web application that checks for a current session, and if there
> isn't one it sends the user to a login screen.  This is working fine from
> Explorer as it did before in the previous version of Tomcat, but it keeps
> saying the session is new in Firefox, Safari and Chrome.
> In the jsp, this keeps taking me back to the login screen...
> 	if (session.getAttribute("userName")==null){
> 		response.sendRedirect("login.jsp");
> 		return;
> 	}
> Why would Explorer work and the others not?
I am being a bit adventurous here considering my knowledge of Java and 
JSP, but it seems to me that the test above does not really check 
whether there is or not a session; it checks whether the attribute 
"userName" of the session is defined.  That may be a different thing.

Other than that, assuming the above is correct, and assuming that the 
server side is always the same, and only the browser changes,..
- settings different in the different browsers ? (like IE allows 
cookies, the other ones not ?)
- you are within a Windows network, and some Windows authentication 
mechanism plays a role when you use IE, and not when you use the other 
browsers ?

You should probably provide more information about your setup, to allow 
people here to make more informed guesses. Like
- under what OS is Tomcat running ?
- what kind of authentication does your webapp use ? (WEB-INF/web.xml)
- are you accessing Tomcat directly, or through another webserver and a 
connector ?
- the settings of your SSL connector ? (passwords etc. removed)
- what do the logs say ?

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message