tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <Rekha...@Dell.com>
Subject RE: FW: tomcat creating new ssl session id for same session
Date Thu, 28 Nov 2019 06:33:33 GMT
Highly Restricted - Confidential

Thanks for your prompt reply. Please find my response inline.


-----Original Message-----
From: Christopher Schultz <chris@christopherschultz.net> 
Sent: Wednesday, November 27, 2019 11:15 PM
To: users@tomcat.apache.org
Subject: Re: FW: tomcat creating new ssl session id for same session

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Rekha,

On 11/27/19 05:15, Rekha.MS@Dell.com wrote:
> I am using javax.servlet.request.ssl_session_id for session 
> validation. But tomcat creating new ssl session id and user session 
> validation is failing.

How are you performing the validation?
Rekha MS: Ssl_session_id is used for validation.

What is the order-of-events that you are observing?
Rekha MS : Ssl_session_id is same for some requests and then it changes after some time.

What version of Tomcat, and what kind of <Connector> are you using?
Rekha MS: Tomcat 8.5.15 , Nio connector(Http11NioProtocol to be specific)

> Please let me know when tomcat creates new ssl session id and how by 
> mandate it to use same ssl session id for same user session

TLS session ids must change periodically when certain renegotiations occur. This is actually
a security feature. I'm not sure it is possible to disable it entirely
Rekha MS: what triggers these renegotiations?

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl3etiEACgkQHPApP6U8
pFiKsg/+MSt/JOsbkOtL/x9z9RDV85HQtj3oQK6GQY5bp66ZTsZZugkwEbUdg8wb
3IDrw4qYuuyGs+PXqqjKwd76Td9EVWYBUEbtw3HPmOx2g0g3XsfTEgKetMRSyJrh
Xh6vTFb9PPwlR1Lozv+OAkQXIradAZUXxHxWY6lcR1ox1X8A8VlnzTKA1oPBL+qk
1q6coOcNuhSJ2DjFFCmaBBp75qBQMFRvcIQacChQEfT1oFdFWkt22L8tmwLF3bKZ
gb8Tc4ohDkwWZUeSeiq6p6dIN8LhK7q40rJH3akEwQJGrD3dPoSojwGiLKXvOMkj
2czFC4SdJ6MJnjxh57LvKlcxwIP+heEIpF1lscGjfZn+sSzzVDRLZkgkV0hXF4aG
uDIKLvETzW88mE4ddfxHICf6IAsLcz6aSR2TaGlJdNgNnsbOooLJc6+cyoA3M1oc
1FpvyzSZsckKpA6KRKqOtNlvveDSgtrTr7EmgK0a2pjAiaq69zxttGfyyOwcKIQw
aozuJBRH4mtP1HAT+4EKeUAUHtuPUXeGMJwoFa4MDMu2+HT9krIFB9kcixDuPy5k
6CFfPkXcVCN+XcChWYrI9HJ0vKRh0DzVVEB14RG/8V+oSXUM0+imJdC2I4QFBI0r
y1ssOJkam+ZzP+fc5Mz1v/hbbLmX2Y1pe4d/FLNF91l+IXRsKOY=
=J9i5
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message