tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pottinger, Hardy J." <>
Subject seeking help with stabilizing the persistence of a JSESSIONID
Date Thu, 03 Sep 2015 15:12:50 GMT
Hi, I'm a committer for DSpace [1] (a Java servlet) and I'm working on a bug [2]. This bug
presents with the following symptoms:

1) user searches site, finds an item of interest, attempts to access the item, but is not
currently logged in, so is presented with a "please enter password" challenge;
2) user chooses to authenticate via Shibboleth and is passed on to a Shibboleth IdP for authentication
3) user authenticates successfully
4) user is returned to the home page of the site, instead of the item previously requested

DSpace stores the previously-visited URL in the session. I can see the JSESSIONID cookie at
step 1 above. At step 4, the JSESSIONID is new. In other words, the previous session (with
the previous URL information) is discarded.

I suspect that there is some setting for Tomcat7 I'm missing, Is there some way to tell Tomcat
to allow these sessions to persist during the roundtrip to the Shibboleth IdP and back?


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message