Joey,
On 5/7/24 10:50, Joey Cochran wrote:
Could this be the culprit?
${CATALINA_BASE}/conf/context.xml
Possible, but the report was that every single request generates a new
JSESSIONID, not that every session seems to have expired and needs to be
re-initialized
Could this be the culprit?
${CATALINA_BASE}/conf/context.xml
From: Hamdan Khan
Sent: Tuesday, May 7, 2024 9:09 AM
To: users@tomcat.apache.org
Subject: [EXTERNAL] RE: After Windows Server Restart, tomcat generating New
JSESSIONID even with
Thank you Mark,
We have har files when the server is in error state, it shows that the
jsessionid is sent in request.
*Is there a reverse proxy in the mix?*
No. We directly access tomcat.
*Are you using sessions at all*
Yes, we are using the default tomcat session in debugger it says
On 06/05/2024 11:05, Hamdan Khan wrote:
Hello everyone,
We're having a problem with Tomcat on Windows servers. It only happens when:
Tomcat is running as a service (automatically started by Windows).
The Windows server automatically restarts for updates.
After the restart, Tomcat starts creatin
Hello everyone,
We're having a problem with Tomcat on Windows servers. It only happens when:
Tomcat is running as a service (automatically started by Windows).
The Windows server automatically restarts for updates.
After the restart, Tomcat starts creating new session IDs for
every request, even
Hi Reto, fortunately I use RemoteIpValve but I would like to know, if
you have time, what advantages there would be using RemoteIpFilter.
TIA
On 09/02/2023 08:50, Reto Weiss wrote:
Hi Mark
Reported as https://bz.apache.org/bugzilla/show_bug.cgi?id=66471
Regards
Reto
--
Hi Mark
Reported as https://bz.apache.org/bugzilla/show_bug.cgi?id=66471
Regards
Reto
JSESSIONID cookie I get back is missing the secure attribute.
I have debugged the RemoteIpFilter the isSecure flag of the wrapper
request it creates is correctly set to true. Unfortunately, the method
getSession() or getSession(Boolean) is forwarded to the wrapped original
request where the isSecure
Hi There
I use Tomcat 9.0.68 and the org.apache.catalina.filters.RemoteIpFilter Filter
behind a NGINX reverse proxy. On the NGINX I set the http header
X-Forwarded-Proto to https.
If I now make a request with a Browser to the reverse proxy the JSESSIONID
cookie I get back is missing the secure
Hi Peter,
>>Go to a site that does not use sessions (and tomcat) and it will have that
>>entry.
You are right, every site with no cookies causes the entry under cookies in
chrome.
So this issue is solved. Thank you
Tillmann
On Fri, Jan 29, 2021 at 12:03 PM Tillmann Schulz
wrote:
> Hi there,
>
> I am using Tomcat 8.5.58 and have a problem with JSESSIONID cookie.
> It should be possible to completely deactivate the jsessionid cookie with
> the following code:
>
> <%@ page session="fal
Hi Tillmann,
On 2021-01-29 11:00, Tillmann Schulz wrote:
Hi there,
I am using Tomcat 8.5.58 and have a problem with JSESSIONID cookie.
It should be possible to completely deactivate the jsessionid cookie
with the following code:
<%@ page session="false" %>
If you do that
Hi there,
I am using Tomcat 8.5.58 and have a problem with JSESSIONID cookie.
It should be possible to completely deactivate the jsessionid cookie with the
following code:
<%@ page session="false" %>
If you do that and call the JSP, there is no entry under cookies in google
Hi Amit,
On Wed, Jan 6, 2021 at 11:15 AM Amit Khosla
wrote:
> Hi,
>
> Thanks for the reply.
>
> We tried the settings on multiple machines. And found that the same
> configuration machines gave different results.
> We are getting multiple jsessionid cookies being created.
Hi,
Thanks for the reply.
We tried the settings on multiple machines. And found that the same
configuration machines gave different results.
We are getting multiple jsessionid cookies being created. In our
application, we have a multi tenant application.
For each tenant we have an nginx running
Mark,
On 1/4/21 03:17, Mark Thomas wrote:
On 04/01/2021 06:02, Amit Khosla wrote:
Hi,
We are still facing this issue. Can someone please help us?
In a clean 8.5.x install, session cookies are only marked as secure if
the request that triggered the session creation is made over a secure
chann
>> But when the changes did not reflect, we made changes in specific app as
>> well. But we could not see the cookie as secure.
>>
>> We verified by the response headers seen in chrome developer tool. The
>> cookie JSESSIONID does not have a secure flag.
>>
>>
l. But we could not see the cookie as secure.
>
> We verified by the response headers seen in chrome developer tool. The
> cookie JSESSIONID does not have a secure flag.
>
> By the way, Happy New Year!
>
> On Thu, Dec 31, 2020 at 5:01 PM Darryl Lewis
> wrote:
>
>>
Thanks for reply!
We did changes in /conf/web.xml.
But when the changes did not reflect, we made changes in specific app as
well. But we could not see the cookie as secure.
We verified by the response headers seen in chrome developer tool. The
cookie JSESSIONID does not have a secure flag.
By
31/12/20, 3:50 pm, "Amit Khosla" wrote:
>
> Hi Team,
>
>
>
> As we are looking forward for JSESSIONID to be secure.
>
>
>
> We made changes in web.xml in tomcat/conf
>
>
mit Khosla" wrote:
>
> Hi Team,
>
>
>
> As we are looking forward for JSESSIONID to be secure.
>
>
>
> We made changes in web.xml in tomcat/conf
>
>
>
>
>
> true
>
> true
>
>
true
true
Restart the server.
On 31/12/20, 3:50 pm, "Amit Khosla" wrote:
Hi Team,
As we are looking forward for JSESSIONID to be secure.
We made changes in web.xml in tomcat/conf
true
Hi Team,
As we are looking forward for JSESSIONID to be secure.
We made changes in web.xml in tomcat/conf
true
true
But even after the changes, we are not able to get the JSESSIONID cookie as
secure.
We also tried changes in web.xml of our
file it goes in to add the samesite attribute to the JSESSIONID.
> I'm assuming they want it globally for all webapps.
>What have you tried already?
To paraphrase Maxwell Smart, "Missed it by that much". Our shipping version is
at 9.0.20, so the warnings abo
t goes in to add the samesite attribute to the JSESSIONID. I'm assuming
> they want it globally for all webapps.
>
After Christopher Schultz pointed me in the right direction, I added the
following line to $CATALINA_BASE/conf/context.xml
This allowed my JAMstack app to set a JSESSIONI
m looking for an XML fragment and
> the file it goes in to add the samesite attribute to the
> JSESSIONID. I'm assuming they want it globally for all webapps.
What have you tried already?
- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunder
Have a customer asking about this. I see Tomcat supports it here.
https://tomcat.apache.org/tomcat-9.0-doc/config/cookie-processor.html
We currently use defaults, so I'm looking for an XML fragment and the file it
goes in to add the samesite attribute to the JSESSIONID. I'm assuming
y, April 26, 2018 4:53 AM
> To: Tomcat Users List
> Subject: Tomcat 9 ;jsessionid
>
> > Hello,
> >
> > One thing I have noticed with Tomcat 9.0.x I get a lot
> > ;jsessionid=xxx appended to my urls. This did not happen with 8.5.x.
> >
> > /images/
Hi Greg
-Original Message-
From: Greg Huber [mailto:gregh3...@gmail.com]
Sent: Thursday, April 26, 2018 4:53 AM
To: Tomcat Users List
Subject: Tomcat 9 ;jsessionid
> Hello,
>
> One thing I have noticed with Tomcat 9.0.x I get a lot
> ;jsessionid=xxx appended to my urls.
Chris,
>As for your image URLs failing due to those path parameters... why are
>they failing? Which component is generating those HTTP 500 responses?
I did some more investigation and my app would not display the image with
the ;
http://www.myapp.co.uk/images/image_32x32.png;jses
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Greg,
On 4/26/18 4:53 AM, Greg Huber wrote:
> Hello,
>
> One thing I have noticed with Tomcat 9.0.x I get a lot
> ;jsessionid=xxx appended to my urls. This did not happen with
> 8.5.x.
>
> /images/image
On 26/04/18 09:53, Greg Huber wrote:
> Hello,
>
> One thing I have noticed with Tomcat 9.0.x I get a lot ;jsessionid=xxx
> appended to my urls. This did not happen with 8.5.x.
>
> /images/image_32x32.png;jsessionid=BF27C604B287CCF6DF3DBDB180C2CBEB
>
> 5
Hello,
One thing I have noticed with Tomcat 9.0.x I get a lot ;jsessionid=xxx
appended to my urls. This did not happen with 8.5.x.
/images/image_32x32.png;jsessionid=BF27C604B287CCF6DF3DBDB180C2CBEB
500 Internal Server Error
/images/image_32x32.png;jsessionid= ... 23784378307846F: 1
On 05/02/2018 03:18, Dave Glasser wrote:
> Thanks, that is pretty clear and unambiguous, as is "The name of
> the parameter must be jsessionid." When the spec is in conflict with itself,
> I'm happy to consider Tomcat the reference implementation.
Technically, the RI
Thanks, that is pretty clear and unambiguous, as is "The name of
the parameter must be jsessionid." When the spec is in conflict with itself,
I'm happy to consider Tomcat the reference implementation.
The reason a session cookie name had to be specified in the first place
On 03/02/18 21:55, Dave Glasser wrote:
> This text is based on a stackoverflow question I posted earlier today:
> https://stackoverflow.com/questions/48600576/jsessionid-as-path-parameter-not-working-in-tomcat/48602272
>
>
> I'm using Tomcat 7.0.84, and my web app uses the Se
This text is based on a stackoverflow question I posted earlier today:
https://stackoverflow.com/questions/48600576/jsessionid-as-path-parameter-not-working-in-tomcat/48602272
I'm using Tomcat 7.0.84, and my web app uses the Servlet 3.0 deployment
descriptor. The web.xml file contains
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Laurent,
On 10/4/17 6:31 PM, Laurent Perez wrote:
> Obviously I'm thinking about renaming the war but the rewriting is
> really used, for example seo friendly urls like /bar/steps/1
> internally rewrite to /foo/somesubmodule/steps.jsp?step=1 and the
On 4 October 2017 23:31:36 BST, Laurent Perez wrote:
>Thanks for the replies. The jsessionid/cookie tracking mode is not
>really
>part of the problem, sorry about that.
>
>Obviously I'm thinking about renaming the war but the rewriting is
>really
>used, for example s
Thanks for the replies. The jsessionid/cookie tracking mode is not really
part of the problem, sorry about that.
Obviously I'm thinking about renaming the war but the rewriting is really
used, for example seo friendly urls like /bar/steps/1 internally rewrite to
/foo/somesubmodule/steps.jsp
oo" war is deployed at /foo context path under tomcat. The /foo
path is not public, apache has a rewrite rule defined as : /bar/*
rewrites internally to /foo/*.
I'm using jstl and its for every url in my
jsps to gain the ;jsessionid from encodeURL whenever jsessionid
cookie is not yet set (1st
h is not public, apache has a rewrite rule defined as : /bar/*
rewrites internally to /foo/*.
I'm using jstl and its for every url in my
jsps to gain the ;jsessionid from encodeURL whenever jsessionid
cookie is not yet set (1st requests)
Now my question is : the results in a
"/foo/p
rent Perez wrote:
>>> I'm using apache+mod_proxy+mod_rewrite as a tomcat frontend. A
>>> "foo" war is deployed at /foo context path under tomcat. The /foo
>>> path is not public, apache has a rewrite rule defined as : /bar/*
>>> rewrites internal
>> "foo" war is deployed at /foo context path under tomcat. The /foo
>> path is not public, apache has a rewrite rule defined as : /bar/*
>> rewrites internally to /foo/*.
>>
>> I'm using jstl and its for every url in my
>> jsps to gain the ;jsess
e rule defined as : /bar/*
> rewrites internally to /foo/*.
>
> I'm using jstl and its for every url in my
> jsps to gain the ;jsessionid from encodeURL whenever jsessionid
> cookie is not yet set (1st requests)
>
> Now my question is : the results in a
> "
my jsps to
gain the ;jsessionid from encodeURL whenever jsessionid cookie is not yet
set (1st requests)
Now my question is : the results in a "/foo/page.jsp;jsessionid=..."
I want the result instead as /bar/pages.jsp;jsessionid=
Should I go straight for a HttpServletResponseWrapper repla
On Monday, 11.04.2016, 10:22 +, Arno Schäfer wrote:
> Hi Felix,
>
> thank you very much for that hint.
>
> > When a session gets 'authenticated' its id will change to prevent
> > session fixation attacks. If you are interested in the events telling
> > you the change you have two possi
Hi Felix,
thank you very much for that hint.
> When a session gets 'authenticated' its id will change to prevent
> session fixation attacks. If you are interested in the events telling
> you the change you have two possibilities:
OK, that explains what I see :-)
> 1. Use servlet api 3.1 and u
ve an authentication
and this is bound at the JSESSIONID. So the idea is, to canalize these requests
to a filter and handle the necessary things, when a new
session is created or destroyed. So during a create event I put the ID in a map
and do some things and after the destroy I remove it
from the ma
Hi all,
I have the following problem: we have a very old, some kind of complex webapp,
that runs under tomcat 7.0.54 on Windows.
I have to maintain some functionality and came to a point that I can't
understand. Some requests have to have an authentication
and this is bound at the JSESS
0-doc/config/ajp.html
From: Christopher Schultz [ch...@christopherschultz.net]
Sent: Thursday, September 10, 2015 4:15 PM
To: Tomcat Users List
Subject: Re: seeking help with stabilizing the persistence of a JSESSIONID
-BEGIN PGP SIGNED MESSAGE-
Hash: SH
> Subject: Re: Multiple JSESSIONID cookies being presented.
>>
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256
>>
>> Jeffrey,
>>
>> On 9/10/15 12:26 PM, Jeffrey Janner wrote:
>>> Thanks for all the help guys. I think I've sussed out what i
> -Original Message-
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Thursday, September 10, 2015 2:24 PM
> To: Tomcat Users List
> Subject: Re: Multiple JSESSIONID cookies being presented.
>
> -BEGIN PGP SIGNED MESSAGE-
> H
> -Original Message-
> From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
> Sent: Thursday, September 10, 2015 12:01 PM
> To: Tomcat Users List
> Subject: RE: Multiple JSESSIONID cookies being presented.
>
> > From: Jeffrey Janner [mailto:jef
en sessions change ids.
- -chris
> From: Christopher Schultz
> [ch...@christopherschultz.net] Sent: Thursday, September 10, 2015
> 2:57 PM To: Tomcat Users List Subject: Re: seeking help with
> stabilizing the persistence of a JSESSIONID
>
hristopher Schultz [ch...@christopherschultz.net]
Sent: Thursday, September 10, 2015 2:57 PM
To: Tomcat Users List
Subject: Re: seeking help with stabilizing the persistence of a JSESSIONID
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hardy,
On 9/10/15 3:36 PM, Pottinger, Hardy J. wrote:
es its thing?
It's simpler than you think. Tomcat really does nothing other than
this after successful authentication:
session.setSessionId(randomNewSessionId);
The "new" session is in fact the same as the old session -- it just
has a new identifier. The client wil
Subject: Re: seeking help with stabilizing the persistence of a JSESSIONID
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hardy,
On 9/10/15 1:00 PM, Pottinger, Hardy J. wrote:
> The session attribute we are creating to hold the flag to indicate
> the session is "interrupted".
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hardy,
On 9/10/15 1:00 PM, Pottinger, Hardy J. wrote:
> The session attribute we are creating to hold the flag to indicate
> the session is "interrupted"... is not serializable... which I
> think means that, when the new session is created as part o
ntees that the "session" reference will be non-null.
That will allow you to use session information in error.jsp if a
session already exists, but not create a superfluous session when one
does not (yet) exist.
Back to Tomcat's session management: Tomcat *can* handle this
situation
Hi, in helping a colleague diagnose another problem for another servlet, I was
using PsiProbe, and I noticed that it has session diagnostics. Doh! I promptly
fired up PsiProbe on my Tomcat server, returning to this JSESSIONID issue, and
watched the session get created as part of a password
> From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com]
> Subject: RE: Multiple JSESSIONID cookies being presented.
> I checked the error.jsp file and it does have session=true set, and if the
> icon file
> is missing, the error.jsp is definitely being sent.
> So
> -Original Message-
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Wednesday, September 09, 2015 1:50 PM
> To: Tomcat Users List
> Subject: Re: Multiple JSESSIONID cookies being presented.
>
> -BEGIN PGP SIGNED MESSAGE-
> H
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 9/9/15 9:43 PM, Pottinger, Hardy J. wrote:
> It doesn't matter which Authenticator is installed, they all behave
> the same way. The user name from httpd is used to populate the
> remote user name and the user principal and the user princip
Here is the web.xml for the main UI webapp
https://github.com/DSpace/DSpace/blob/master/dspace-xmlui/src/main/webapp/WEB-INF/web.xml
Sent from my Zact Mobile phone.
Mark Thomas wrote:
On 09/09/2015 21:30, Christopher Schultz wrote:
> Hardy,
>
> On 9/9/15 4:22 PM, Pottinger, Hardy J. wrote:
>> H
On 09/09/2015 21:30, Christopher Schultz wrote:
> Hardy,
>
> On 9/9/15 4:22 PM, Pottinger, Hardy J. wrote:
>> Ha, sorry for the useless detail :-)
>
> It's no problem. Stymied by the effective use of class extension
> features in an OO language. :)
>
Is that enough of a clue?
>>> Ha ha ha,
ember 09, 2015
> 3:09 PM To: Tomcat Users List Subject: Re: seeking help with
> stabilizing the persistence of a JSESSIONID
>
> Hardy,
>
> On 9/9/15 3:54 PM, Pottinger, Hardy J. wrote:
>> Well... it occurred to me that from time to time we happen to
>> have stack trac
comment, it would save me a bunch
of time ;)
- -chris
> From: Christopher Schultz
> [ch...@christopherschultz.net] Sent: Wednesday, September 09, 2015
> 3:09 PM To: Tomcat Users List Subject: Re: seeking help with
> stabilizing the persistence of a JSES
ace/DSpace/tree/master/dspace-api/src/main/java/org/dspace/authenticate
From: Christopher Schultz [ch...@christopherschultz.net]
Sent: Wednesday, September 09, 2015 3:09 PM
To: Tomcat Users List
Subject: Re: seeking help with stabilizing the persistence of a
:61)
at java.lang.Thread.run(Thread.java:745)
From: Pottinger, Hardy J.
Sent: Wednesday, September 09, 2015 2:54 PM
To: Tomcat Users List
Subject: RE: seeking help with stabilizing the persistence of a JSESSIONID
Well... it occurred to me that from time
ugh.
- -chris
> From: Pottinger, Hardy J. Sent: Wednesday, September 09, 2015 9:35
> AM To: Tomcat Users List Subject: RE: seeking help with stabilizing
> the persistence of a JSESSIONID
>
> Hi, thanks for following up! No, no luck at all. The web
> application I'm working
of a JSESSIONID
Hi, thanks for following up! No, no luck at all. The web application I'm
working with is based on Apache Cocoon 2.2, so, no JSPs in sight. I am actually
weighing my options, I have a choice to either pursue making the current design
work (i.e. try to get the session to stick a
> Subject: RE: Multiple JSESSIONID cookies being presented.
>>
>>> From: Jose María Zaragoza [mailto:demablo...@gmail.com]
>>> Subject: Re: Multiple JSESSIONID cookies being presented.
>>
>>>> Thanks for the clarification of what's supposed to happen o
PP2, Tomcat will:
>
> a. Place a session identifier in the URL with value X b. Return a
> Set-Cookie response header for JSESSIONID with value Y
>
> Where X != Y?
>> So far, it looks like it is maintaining an X=Y philosophy. So
>> that's a non-starter.
Maybe we are
2015-09-09 18:08 GMT+02:00 Jeffrey Janner :
>> -Original Message-
>> From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
>> Sent: Tuesday, September 08, 2015 4:58 PM
>> To: Tomcat Users List
>> Subject: RE: Multiple JSESSIONID cookies being prese
> -Original Message-
> From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
> Sent: Tuesday, September 08, 2015 4:58 PM
> To: Tomcat Users List
> Subject: RE: Multiple JSESSIONID cookies being presented.
>
> > From: Jose María Zaragoza [mailto:demablo..
24 AM
To: Tomcat Users List
Subject: Re: seeking help with stabilizing the persistence of a JSESSIONID
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hardy,
On 9/4/15 4:32 PM, Pottinger, Hardy J. wrote:
>> Are you using AJP or HTTP as your proxy protocol? If AJP, are
>> you using to
> -Original Message-
> From: Igor Cicimov [mailto:icici...@gmail.com]
> Sent: Tuesday, September 08, 2015 10:09 PM
> To: Tomcat Users List
> Subject: RE: Multiple JSESSIONID cookies being presented.
>
> On 09/09/2015 7:13 AM, "Jeffrey Janner"
> wrot
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hardy,
On 9/4/15 4:32 PM, Pottinger, Hardy J. wrote:
>> Are you using AJP or HTTP as your proxy protocol? If AJP, are
>> you using tomcatAuthentication="false" on your ? I'm
>> not exactly sure what happens when you do that... you might get
>> a Non
On 09/09/2015 7:13 AM, "Jeffrey Janner" wrote:
>
> > -Original Message-
> > From: Jose María Zaragoza [mailto:demablo...@gmail.com]
> > Sent: Tuesday, September 08, 2015 9:22 AM
> > To: Tomcat Users List
> > Subject: Re: Multiple JSESSIONID coo
> From: Jose María Zaragoza [mailto:demablo...@gmail.com]
> Subject: Re: Multiple JSESSIONID cookies being presented.
> > Thanks for the clarification of what's supposed to happen on receipt, Jose.
> > However, I am describing what happens on first contact from the cl
2015-09-08 22:57 GMT+02:00 Jeffrey Janner :
>> -Original Message-
>> From: Jose María Zaragoza [mailto:demablo...@gmail.com]
>> Sent: Tuesday, September 08, 2015 9:08 AM
>> To: Tomcat Users List
>> Subject: Re: Multiple JSESSIONID cookies being presented.
>
> -Original Message-
> From: Jose María Zaragoza [mailto:demablo...@gmail.com]
> Sent: Tuesday, September 08, 2015 9:22 AM
> To: Tomcat Users List
> Subject: Re: Multiple JSESSIONID cookies being presented.
>
> 2015-09-08 15:51 GMT+02:00 Jeffrey Janner :
>
> -Original Message-
> From: Jose María Zaragoza [mailto:demablo...@gmail.com]
> Sent: Tuesday, September 08, 2015 9:08 AM
> To: Tomcat Users List
> Subject: Re: Multiple JSESSIONID cookies being presented.
>
> 2015-09-08 15:51 GMT+02:00 Jeffrey Janner :
>
2015-09-08 15:51 GMT+02:00 Jeffrey Janner :
>> -Original Message-
>> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
>> Sent: Friday, September 04, 2015 12:46 PM
>> To: Tomcat Users List
>> Subject: Re: Multiple JSESSIONID cookies being p
2015-09-08 15:51 GMT+02:00 Jeffrey Janner :
>> -Original Message-
>> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
>> Sent: Friday, September 04, 2015 12:46 PM
>> To: Tomcat Users List
>> Subject: Re: Multiple JSESSIONID cookies being p
> -Original Message-
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Friday, September 04, 2015 12:46 PM
> To: Tomcat Users List
> Subject: Re: Multiple JSESSIONID cookies being presented.
>
> -BEGIN PGP SIGNED MESSAGE-
> H
> -Original Message-
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Friday, September 04, 2015 2:55 PM
> To: Tomcat Users List
> Subject: Re: Multiple JSESSIONID cookies being presented.
>
> -BEGIN PGP SIGNED MESSAGE-
> H
1 PM
To: Tomcat Users List
Subject: Re: seeking help with stabilizing the persistence of a JSESSIONID
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hardy,
On 9/3/15 2:32 PM, Pottinger, Hardy J. wrote:
>> Are you actually using HTTP Basic authentication? You may be
>> configur
> Subject: Re: Multiple JSESSIONID cookies being presented.
>>
> Jeffrey,
>
> On 9/4/15 12:37 PM, Jeffrey Janner wrote:
>>>> I'm running Tomcat 8.0.24 on Ubuntu 14.04 with Java 8u45, but
>>>> I'm also seeing this on Windows (version doesn't matter
> -Original Message-
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Friday, September 04, 2015 12:46 PM
> To: Tomcat Users List
> Subject: Re: Multiple JSESSIONID cookies being presented.
>
> -BEGIN PGP SIGNED MESSAGE-
> H
cat 6.0.43 and Java 7U51.
>
> I have 2 contexts installed in Tomcat, one is ROOT, the other
> APP2. Both contexts start off at a login screen unique to the
> context and provided by it (not using container auth).
>
> When I connect to ROOT, no problem, but when I connect to APP2,
start off at a login screen unique to the context and provided by it
(not using container auth).
When I connect to ROOT, no problem, but when I connect to APP2, I get 2
JSESSIONID cookies, one with the path "/" and the other with the path "/APP2/".
On the Windows implementatio
On 03.09.2015 23:31, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hardy,
On 9/3/15 2:32 PM, Pottinger, Hardy J. wrote:
Are you actually using HTTP Basic authentication? You may be
configuring the wrong authenticator. (I know nothing about
Shibboleth)
I'm using A
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hardy,
On 9/3/15 2:32 PM, Pottinger, Hardy J. wrote:
>> Are you actually using HTTP Basic authentication? You may be
>> configuring the wrong authenticator. (I know nothing about
>> Shibboleth)
>
> I'm using Apache HTTPD as a front-end (via mod_pro
Schultz [ch...@christopherschultz.net]
Sent: Thursday, September 03, 2015 12:00 PM
To: Tomcat Users List
Subject: Re: seeking help with stabilizing the persistence of a JSESSIONID
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hardy,
On 9/3/15 12:52 PM, Pottinger, Hardy J. wrote:
> Hi, I'm trying
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hardy,
On 9/3/15 12:52 PM, Pottinger, Hardy J. wrote:
> Hi, I'm trying to disable session-fixation-attack protection on
> our test server, and I've added the following valve to both my
> application's context-fragment file, as well as the main
> co
11:13 AM
To: Tomcat Users List
Subject: RE: seeking help with stabilizing the persistence of a JSESSIONID
Hi, Chris, thanks for the quick reply! Right now I'm just grasping at straws.
If I can prove the JSESSIONID remains the same, and the previous URL is still
lost, I'll have definitive
Hi, Chris, thanks for the quick reply! Right now I'm just grasping at straws.
If I can prove the JSESSIONID remains the same, and the previous URL is still
lost, I'll have definitive proof that the application code is somehow at fault.
Right now I have this gray area where it
ly 4) user is
> returned to the home page of the site, instead of the item
> previously requested
>
> DSpace stores the previously-visited URL in the session. I can see
> the JSESSIONID cookie at step 1 above. At step 4, the JSESSIONID
> is new. In other words, the previous se