; Versions : Tomcat 5.5.27 with Java 1.6.0_11 on SLES10.
>
> Any help is appreciated...
>
> Thanks
>
>
>
>
> Caldarale, Charles R wrote:
>>
>>> From: atul [mailto:techat...@yahoo.com]
>>> Subject: Re: Force getting Client Cert from browser
>>&
:
>
>> From: atul [mailto:techat...@yahoo.com]
>> Subject: Re: Force getting Client Cert from browser
>>
>> I tried invalidating httpsession but that didnt work.
>
> I'm a bit surprised at that, but I haven't gone through the code enough to
> figure out
> From: atul [mailto:[EMAIL PROTECTED]
> Subject: Re: Force getting Client Cert from browser
>
> I tried invalidating httpsession but that didnt work.
I'm a bit surprised at that, but I haven't gone through the code enough to
figure out why that didn't work. The
harles R" <[EMAIL PROTECTED]>
To: Tomcat Users List
Sent: Friday, October 24, 2008 12:14:45 PM
Subject: RE: Force getting Client Cert from browser
> From: atul [mailto:[EMAIL PROTECTED]
> Subject: Force getting Client Cert from browser
>
> Tomcat never initiates ssl renegoti
lt;[EMAIL PROTECTED]>
To: Tomcat Users List
Sent: Friday, October 24, 2008 12:14:45 PM
Subject: RE: Force getting Client Cert from browser
> From: atul [mailto:[EMAIL PROTECTED]
> Subject: Force getting Client Cert from browser
>
> Tomcat never initiates ssl renegotiation - probably
> From: atul [mailto:[EMAIL PROTECTED]
> Subject: Force getting Client Cert from browser
>
> Tomcat never initiates ssl renegotiation - probably because
> it hangs onto sslsocket and sslsession object for performance.
No - it's because the *browser* uses the same sess
I am initiating client ssl in my webapp by requesting attr
org.apache.coyote.request.X509Certificate
User is prompted for the client cert at the browser and logs in just fine.
When the user logs out, we invalidate the Http session.
However, when the user tries to access another protected resour
