From: Christopher Schultz
To: Tomcat Users List
Date: Fri, 14 Mar 2014 08:37:39 -0400
Subject: Re: Notifying application of session changes that happened outside of it's scope
Message-ID: <5322F813.90608@christopherschultz.net>

Joseph,

On 3/14/14, 5:59 AM, Joesph Bleau wrote:
> Right now we're running our application in Tomcat and using
> hazelcast to share information across our multiple instances. In an
> attempt to prevent session fixation I implemented a tomcat valve
> which invalidates sessions when a user authenticates (or in this
> case, just visits the authentication endpoints). This is causing an
> issue where our application proper isn't getting notified of
> invalidated sessions and they're hanging around in the hazelcast
> map.

Any reason not to trust Tomcat's session-fixation prevention (which
implements session-id changing, and already works across a cluster)?

> I tried everything I could to fix the session fixation problem
> within the scope of my application but no matter what I did it
> seemed like tomcat would persist a user's session even after
> invalidating it, so this was my solution, and of course I face an
> equally annoying and difficult problem.
>
> We're using tomcat7, apache 2.2 / mod_jk to load balance, spring
> 3.1, and hazelcast 2.2
>
> Any and all advice / tips / scorn appreciated.
:-) Joseph Bleau
>
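
One way for the application to be told about sessions that were invalidated outside its own code, as an added example that is not from this thread: a standard Servlet 3.0 `HttpSessionListener`, which the container calls when it destroys a session. The class name, the `APP_KEY_ATTR` attribute and the `sharedSessions` map (a stand-in for the Hazelcast map mentioned above) are assumptions.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

/**
 * Added example: evicts the application's shared per-session state whenever
 * the container destroys a session (invalidate() from a valve, timeout, logout).
 */
@WebListener
public class SharedSessionCleanupListener implements HttpSessionListener {

    /** Hypothetical attribute holding a key that stays stable across session-id changes. */
    public static final String APP_KEY_ATTR = "app.sharedStateKey";

    /**
     * Assumption: stand-in for the cluster-wide Hazelcast map. Hazelcast's IMap
     * implements ConcurrentMap, so the real map can be assigned here at startup.
     */
    static volatile ConcurrentMap<String, Object> sharedSessions =
            new ConcurrentHashMap<String, Object>();

    @Override
    public void sessionCreated(HttpSessionEvent se) {
        // Nothing to do: state is added by the application after authentication.
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent se) {
        HttpSession session = se.getSession();
        // The session is still readable here; it is only about to be invalidated.
        Object appKey = session.getAttribute(APP_KEY_ATTR);
        if (appKey != null) {
            sharedSessions.remove(appKey.toString());
        }
        // Also drop anything stored under the container's session id, in case
        // the application keyed its entry that way.
        sharedSessions.remove(session.getId());
    }
}
```

Keying the shared entry by an application-chosen attribute rather than the session id keeps it reachable when the container changes the session id on authentication, since that change does not destroy the session.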