tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Caldarale, Charles R" <Chuck.Caldar...@unisys.com>
Subject RE: SSL Session Caching
Date Wed, 13 Feb 2013 20:37:21 GMT
> From: Christopher Schultz [mailto:chris@christopherschultz.net] 
> Subject: Re: SSL Session Caching

> OP reports that a new SmartCard is being inserted and either the old
> session persists (and the new user is allowed to masquerade as the old
> user) or the new user is not authenticated but still allowed to access
> their own resources. Sounds like the former, but it's worth asking.

Which still indicates that the _client_ isn't reacting to the smartcard being swapped for
another one.  Not much the server (Tomcat) can do about that, other than force re-authentication
on every access (which would introduce another set of issues).

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus
for use only by the intended recipient. If you received this in error, please contact the
sender and delete the e-mail and its attachments from all computers.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message