Re: apache does not preserve user session of tomcat


 



hi Krist,


In LiveHTTPHeaders:

Set-Cookie: JSESSIONID=2637CA3EADF9422597DF276AE1846E55; Path=/abc; Secure

So I guess this means that the session is "secure", and from what you have said, the browser cannot send this cookie over http.

If the above reasoning is true, what are the alternatives?
thanks in advance



--- On Mon, 21/4/08, Krist van Besien <krist.vanbesien@xxxxxxxxx> wrote:

> From: Krist van Besien <krist.vanbesien@xxxxxxxxx>
> Subject: Re:  apache does not preserve user session of tomcat
> To: users@xxxxxxxxxxxxxxxx, melanie_pfefer@xxxxxxxxxxx
> Date: Monday, 21 April, 2008, 4:09 PM
> On Mon, Apr 21, 2008 at 2:21 PM, Melanie Pfefer
> <melanie_pfefer@xxxxxxxxxxx> wrote:
> 
> >  Before editing httpd.conf, on the tomcat side: how to set the
> >  correct cookiedomain in the webapp?
> 
> How to set this in the webapp I can't know, as I'm not a webapp
> specialist. But I have to deal with similar problems you have all the
> time.
> What I'd suggest is look at what exactly the server sends, and what
> the browser does with it. You can use firefox, and an extension like
> LiveHTTPHeaders to see exactly what gets sent by the server and by the
> browser. This will allow you to see what the cookie looks like that
> gets sent.
> There is another thing I remembered. You are proxying http to https.
> Now it is possible that the cookie that your tomcat generates (and
> passes to the browser) is a "secure" cookie. Some java webapps do this
> by default if accessed over https. A browser will never send such a
> cookie over a non-secure connection. So if you access your webapp via
> your apache server the browser gets its cookie, but never sends it
> back on subsequent requests, so the session info gets lost. You can
> verify this using LiveHTTPHeaders.
> 
> Krist
> 
> -- 
> krist.vanbesien@xxxxxxxxx
> krist@xxxxxxxxxxxxx
> Bremgarten b. Bern, Switzerland
> --
> A: It reverses the normal flow of conversation.
> Q: What's wrong with top-posting?
> A: Top-posting.
> Q: What's the biggest scourge on plain text email discussions?



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
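
The check Krist describes, as an added example that is not part of the original thread: a Python script that parses the Set-Cookie header quoted above and reports why a browser would withhold the cookie for a given request URL (the Secure attribute, and path matching as in RFC 6265). The host name www.example.test and the sample URLs are constructed; Domain matching is left out because the quoted header carries no Domain attribute.

```python
from urllib.parse import urlsplit

# Header as quoted in the thread; the URLs below are constructed samples.
HEADER = "Set-Cookie: JSESSIONID=2637CA3EADF9422597DF276AE1846E55; Path=/abc; Secure"
SAMPLE_URLS = [
    "https://www.example.test/abc/login",  # direct https access
    "http://www.example.test/abc/login",   # plain-http front end
    "https://www.example.test/abcd",       # https, but outside Path=/abc
]

def parse_set_cookie(header):
    """Split a Set-Cookie header (with or without the field name) into parts."""
    value = header.split(":", 1)[1] if header.lower().startswith("set-cookie:") else header
    pair, *attrs = [part.strip() for part in value.split(";")]
    name, _, val = pair.partition("=")
    # Simplification: a missing Path defaults to "/" here, not the request directory.
    cookie = {"name": name.strip(), "value": val.strip(), "path": "/", "secure": False}
    for attr in attrs:
        key, _, arg = attr.partition("=")
        key = key.strip().lower()
        if key == "secure":
            cookie["secure"] = True
        elif key == "path" and arg.strip().startswith("/"):
            cookie["path"] = arg.strip()
    return cookie

def path_matches(request_path, cookie_path):
    """RFC 6265 path-match: equal, or a prefix that ends on a '/' boundary."""
    request_path = request_path or "/"
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False

def why_not_sent(cookie, url):
    """Return the reasons a browser withholds the cookie; an empty list means it is sent."""
    parts = urlsplit(url)
    reasons = []
    if cookie["secure"] and parts.scheme != "https":
        reasons.append("Secure attribute set but request scheme is " + parts.scheme)
    if not path_matches(parts.path, cookie["path"]):
        reasons.append("request path %s is outside Path=%s" % (parts.path or "/", cookie["path"]))
    return reasons

if __name__ == "__main__":
    cookie = parse_set_cookie(HEADER)
    for url in SAMPLE_URLS:
        reasons = why_not_sent(cookie, url)
        print(url, "->", "sent" if not reasons else "; ".join(reasons))
```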


