tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Coty Sutherland <csuth...@apache.org>
Subject Re: unable to set the "secure="true" flag on server.xml
Date Thu, 30 Nov 2017 20:51:47 GMT
On Thu, Nov 30, 2017 at 1:39 PM, Christopher Schultz
<chris@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Naga,
>
> On 11/30/17 12:29 PM, Naga Ramesh wrote:
>> Thanks Chris..
>>
>> See the below output and here not showing the secure.
>>
>> < HTTP/1.1 200 OK < Set-Cookie:
>> JSESSIONID=D14ACAB7CADB83FAD5C11296C75A09DB; Path=/; HttpOnly <
>> X-Frame-Options: DENY < X-Content-Type-Options: nosniff <
>> X-XSS-Protection: 1; mode=block < Content-Type:
>> text/html;charset=ISO-8859-1 < Content-Length: 5472 < Date: Thu, 30
>> Nov 2017 17:26:37 GMT < Server:
>
> HTTP response headers don't say anything about "secure" anyway.

Actually, they do :) Setting a cookie to secure keeps it from being
transmitted over HTTP.

Set-Cookie: JSESSIONID=07429A0D611B540BF985E10197241E5D; Path=/;
Secure; HttpOnly

>
> What are you trying to accomplish, and what have you tried?
>
> I'm not sure secure="true" does what you think it does.
>
> Please answer the questions I asked in my previous post. They will go
> a long way toward helping you.

That would definitely help.

>
> - -chris
>
>> -----Original Message----- From: Christopher Schultz
>> [mailto:chris@christopherschultz.net] Sent: Thursday, November 30,
>> 2017 10:52 PM To: users@tomcat.apache.org Subject: Re: unable to
>> set the "secure="true" flag on server.xml
>>
>> Naga,
>>
>> On 11/30/17 12:11 PM, Naga Ramesh wrote:
>>> I have configured the tomcat8 version & used the AWS ELB, but I
>>> have set the “secure="true" flag on tomcat8/conf/server.xml file
>>> end, after that service started and login page came but I am
>>> unable to login the application and getting the oops session
>>> expired error message coming.
>>
>> Please post your <Connector> configuration.
>>
>> What did you expect secure="true" to actually do?
>>
>>> Note: we have applied the SSL on AWS ELB end.
>>
>> So you are terminating TLS at the ELB, right?
>>
>>> ELB(https) -à tomcat-conenctor-8080
>>
>> Traffic from ELB -> Tomcat is using HTTPS?
>>
>> Why encrypt within your own VLAN?
>>
>> -chris
>>
>> ---------------------------------------------------------------------
>>
>>
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>> ---------------------------------------------------------------------
>>
>>
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
> -----BEGIN PGP SIGNATURE-----
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlogUF4dHGNocmlzQGNo
> cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFinKxAAhhchuEFgo8dc+pZv
> YTg65qRlt7xS6s3ewlhY7RUrmNvzgYmjJC5tW81mNjNHhfPtMq7/WYNqoIS77b1+
> gZNYk4CtdNt8q3mJ0BUIqOoaSs9esvCv5WCs9jTh/dyhxra13s33V5NFkOvB26dB
> YgsxvZAxFYgim2Yp8Q1xoN8CRhi8UVLidd3V8QIebZQ3oFbBjKZzvXm9BShlablj
> RWuHHoj5A2Ks+BBqK6HR1Y1ZNoFqxaMtO7ZuxC4ytJVfhOvEXA2YoYDfOvxfHSIj
> WVGwCczp3TRHCW/blFGOMqoctLY9bbJcgLb4ZZQloo1B4tced4XFBz7ELJZ52FrI
> srHhH+md2udfGQ7ByJDOW7710IkDUXJvIO1JfJw/vC3s7rlGE61fXfncHPLg2Rer
> XA0Ij9cjGVRC7aPr/d2+tAGB9aO2BhEQimVMX0MzNLhoiQhFHK+Tuq8jCKWVUMzl
> m6VQNYulvisC0TnLQlzkFma+FZAlJ/RdkxQO3bFKaCt1UMMmluW0WQCAkmrCITzM
> Lz8dfXF1NIMGsCJYLzqWw/Bbtk8EoMEw4euV8Zwjnfo6iVB4fufOQiFdjr2AMQV3
> FT0pnfEZC+5KUMwhjbPBKmX7mivkckNGrB3MpUuvFW1XZpAFVK14W7HaGA++EbJY
> TB83V9GzPjyofj16b8lbJudggyY=
> =4btR
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message