tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jürgen Jakobitsch <j.jakobit...@semantic-web.at>
Subject Re: SSLSession invalidate
Date Tue, 06 Sep 2011 22:11:58 GMT
thanks mark,

if i understand you correct, it is simply NOT possible to invalidate
the SSLSession of which i can get the id with request.getAttribute("javax.servlet.request.ssl_session")
(it works with this key in 6.0.32)

wkr turnguard

----- Original Message -----
From: "Mark Thomas" <markt@apache.org>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Wednesday, September 7, 2011 12:08:29 AM
Subject: Re: SSLSession invalidate

On 06/09/2011 22:42, Jürgen Jakobitsch wrote:
> apparently there is one, i can get it's id with request.getAttribute("javax.servlet.request.ssl_session")

That is a Tomcat bug it should be javax.servlet.request.ssl_session_id

> in tomcat7 there's the possibility to use SSLSessionManager to invalidate SSLSession,
so i'm doing a
> wild guess, that something similar has to be possible with tomcat6 as well.

Your wild guess is wrong. That feature is in Tomcat 7 onwards.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


-- 
| Jürgen Jakobitsch, 
| Software Developer
| Semantic Web Company GmbH
| Mariahilfer Straße 70 / Neubaugasse 1, Top 8
| A - 1070 Wien, Austria
| Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22

COMPANY INFORMATION
| http://www.semantic-web.at/

PERSONAL INFORMATION
| web   : http://www.turnguard.com
| foaf  : http://www.turnguard.com/turnguard
| skype : jakobitsch-punkt

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message