tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: seeking help with stabilizing the persistence of a JSESSIONID
Date Thu, 10 Sep 2015 19:25:52 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hardy,

On 9/10/15 1:00 PM, Pottinger, Hardy J. wrote:
> The session attribute we are creating to hold the flag to indicate
> the session is "interrupted"... is not serializable... which I
> think means that, when the new session is created as part of 
> session fixation protection, the "interrupted" flag won't transfer
> to the new session.

Tomcat's session-fixation-prevention amounts to changing the session
identifier while keeping the session in-tact. So unless you are using
distributable sessions, this is unlikely to be the problem.

> So... I *think* what I might need to do is set a maker for our 
> request class that it implements Serializable. 
> http://stackoverflow.com/questions/7444463/how-do-i-make-the-session-d
ata-serializable

Only
> 
putting Serializable objects in the session is surely a good idea
in general.

> I'll let you know if this works out.

I'm interested to hear about your experience.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJV8dlAAAoJEBzwKT+lPKRYXtsQAJtR7dF79KCPRNjGt2jGtGwM
3r+SAmfTkNkQtxghd2VI+G8+BHUNZUzR6aNdpZcXf8N3Gwtbvpc+LRLgu7TH0d6E
A1KSSMp6V7jTW+TfLlHOa4y2T0uAzgbLwvNN6jGgRTwUNbG2eyJ/zUotQWiYWOhi
T02nNNSt2gz838Z/WSWpx/8IFS3T1i6ny4QRdFwsItFyiNJ4fV8AULVzjDp1fIdd
cuBLCFEqoMcNoWymc5IFEULtLc87Mzec52+J6robJFh1Z+2TkDSbtFWSBD2CqoPI
wIR405EUX/gaBkivnvk81J4TeOqRcEN1nc+YWPYpFbW65u0WXnG85zf58HSIaV59
Z+5FIh6/yecTJh/hRugPg/PgSIjFxo6Q2l9t2QaWqsqwNS7KyZfRqpeZWOUBJYH4
13cPBcv08LOrUUmh1tIlOpw6+3e0CqSokTtppf0Aqt8FK7ng2t7TjVrgt6GYEZGu
wMMVMboERXPFeKD618lxcn4mp89BH3iKlR3d0LDA+ZIn/68ZatDZFAUl+vhO49xn
tKKbQY6dAYx3VU8NqiXuWVup8RYRxRJlymuseUaf95GOo7JW+hvw6PbPNRYWTpMk
E6xmCdyD0hMMZXx5cnqRHBuVaXEkhbNK5o2j5WB1/sitDli/G8NUN/yN+KLrNbMC
9VRK0C/SkcNLXAosN6NP
=Wr84
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message