Message-ID: <27658593.post@talk.nabble.com>
Date: Fri, 19 Feb 2010 10:46:31 -0800 (PST)
From: iainmac
To: users@tomcat.apache.org
Subject: Re: 6.0.24 SSL Session always New
In-Reply-To: <20100219144137.GA5766@lincware.com>

Thanks, I think it must be something to do with that.

Eric Lenio-5 wrote:
>
> On Fri, Feb 19, 2010 at 12:02:18PM +0000, iainmac wrote:
>>
>> Hi,
>>
>> I have just moved from 5.0.18 to 6.0.24 using JSSE for SSL.
>>
>> I have a web application that checks for a current session, and if there
>> isn't one it sends the user to a login screen. This is working fine from
>> Explorer as it did before in the previous version of Tomcat, but it keeps
>> saying the session is new in Firefox, Safari and Chrome.
>>
>> In the jsp, this keeps taking me back to the login screen...
>>
>> if (session.getAttribute("userName")==null){
>>     response.sendRedirect("login.jsp");
>>     return;
>> }
>>
>> Why would Explorer work and the others not?
>>
>> Thanks,
>>
>> Iain
>
> You might want to review new protection Tomcat has against session
> fixation, which was done in 6.0.21.
>
> http://issues.apache.org/bugzilla/show_bug.cgi?id=45255
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>

--
View this message in context: http://old.nabble.com/6.0.24-SSL-Session-always-New-tp27652568p27658593.html
Sent from the Tomcat - User mailing list archive at Nabble.com.