tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Re: SSLSession invalidate
Date Tue, 06 Sep 2011 22:08:29 GMT
On 06/09/2011 22:42, J├╝rgen Jakobitsch wrote:
> apparently there is one, i can get it's id with request.getAttribute("javax.servlet.request.ssl_session")

That is a Tomcat bug it should be javax.servlet.request.ssl_session_id

> in tomcat7 there's the possibility to use SSLSessionManager to invalidate SSLSession,
so i'm doing a
> wild guess, that something similar has to be possible with tomcat6 as well.

Your wild guess is wrong. That feature is in Tomcat 7 onwards.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message