tomcat-users mailing list archives

From "Adamus, Steven J." <STEVEN.J.ADA...@saic.com>
Subject RE: SSLSession invalidate
Date Tue, 06 Sep 2011 22:29:22 GMT
Don't assume your SSL session or connection hasn't been invalidated just because you aren't
asked to choose a certificate from your browser certs when you log in again.  In our system
(Tomcat 5.5.33), I know that our HTTP session and Single Sign-on session are invalidated upon
logout, and we see similar behavior (no need to select certificate) upon re-login because
the browser caches the user's certificate choice (and smart card PIN).  Is your session ID
the same when you go back in?  

If you are using IE and you want to clear the browser cache to select another certificate,
go to Tools->Internet Options, select Content tab, and click Clear SSL state. 

-----Original Message-----
From: users-return-227483-STEVEN.J.ADAMUS=saic.com@tomcat.apache.org [mailto:users-return-227483-STEVEN.J.ADAMUS=saic.com@tomcat.apache.org]
On Behalf Of Jürgen Jakobitsch
Sent: Tuesday, September 06, 2011 3:12 PM
To: Tomcat Users List
Subject: Re: SSLSession invalidate

thanks mark,

if i understand you correctly, it is simply NOT possible to invalidate the SSLSession of which
i can get the id with request.getAttribute("javax.servlet.request.ssl_session")
(it works with this key in 6.0.32)

wkr turnguard

----- Original Message -----
From: "Mark Thomas" <markt@apache.org>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Wednesday, September 7, 2011 12:08:29 AM
Subject: Re: SSLSession invalidate

On 06/09/2011 22:42, Jürgen Jakobitsch wrote:
> apparently there is one, i can get its id with 
> request.getAttribute("javax.servlet.request.ssl_session")

That is a Tomcat bug; it should be javax.servlet.request.ssl_session_id

> in tomcat7 there's the possibility to use SSLSessionManager to 
> invalidate SSLSession, so i'm doing a wild guess, that something similar
> has to be possible with tomcat6 as well.

Your wild guess is wrong. That feature is in Tomcat 7 onwards.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


-- 
| Jürgen Jakobitsch,
| Software Developer
| Semantic Web Company GmbH
| Mariahilfer Straße 70 / Neubaugasse 1, Top 8 A - 1070 Wien, Austria 
| Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22

COMPANY INFORMATION
| http://www.semantic-web.at/

PERSONAL INFORMATION
| web   : http://www.turnguard.com
| foaf  : http://www.turnguard.com/turnguard
| skype : jakobitsch-punkt
