Re: Regarding JSESSIONIDSSO Cookie maintained by tomcat

2014-06-24 Thread Konstantin Kolinko
>> >> HTTP/1.1 302 Found >> Set-Cookie: JSESSIONIDSSO= CF7B7727443A3AAD1AC3AA033E4D98BE; Expires=Thu, 01-Jan-1970 00:00:10 GMT >> (...) I filed this issue into bugzilla: https://issues.apache.org/bugzilla/show_bug.cgi?id=5 Best regards, Konstantin Kolinko ---

RE: Regarding JSESSIONIDSSO Cookie maintained by tomcat

2014-06-24 Thread Konstantin Preißer
Hi, > -Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Thursday, June 19, 2014 5:40 PM > > > > I haven't followed all of this discussion, but as for deleting a > > Cookie, I think the problem is that there isn't an explicit > > "Delete-Cookie" he

RE: Regarding JSESSIONIDSSO Cookie maintained by tomcat

2014-06-23 Thread Radha Krishna Meduri -X (radmedur - HCL TECHNOLOGIES LIMITED at Cisco)
rom: Radha Krishna Meduri -X (radmedur - HCL TECHNOLOGIES LIMITED at Cisco) Sent: Thursday, June 19, 2014 7:47 PM To: Tomcat Users List Subject: RE: Regarding JSESSIONIDSSO Cookie maintained by tomcat Of course, I am not waiting :-) -Original Message- From: Christopher Schultz

Re: Regarding JSESSIONIDSSO Cookie maintained by tomcat

2014-06-19 Thread Christopher Schultz
ect: Re: Regarding >> JSESSIONIDSSO Cookie maintained by tomcat >> >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 >> >> Konstantin, >> >> On 6/18/14, 5:34 AM, Konstantin Kolinko wrote: >>> 2014-06-18 11:57 GMT+04:00 Konstantin Kolinko &

RE: Regarding JSESSIONIDSSO Cookie maintained by tomcat

2014-06-19 Thread Radha Krishna Meduri -X (radmedur - HCL TECHNOLOGIES LIMITED at Cisco)
Of course, I am not waiting :-) -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Thursday, June 19, 2014 7:44 PM To: Tomcat Users List Subject: Re: Regarding JSESSIONIDSSO Cookie maintained by tomcat -BEGIN PGP SIGNED MESSAGE- Hash: SHA256

Re: Regarding JSESSIONIDSSO Cookie maintained by tomcat

2014-06-19 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Radha, On 6/19/14, 6:32 AM, Radha Krishna Meduri -X (radmedur - HCL TECHNOLOGIES LIMITED at Cisco) wrote: > Thanks Konstantin. This is what I am asking in my very first mail. > Why can't we empty the value in case Cookie is expired. > > Konstantin

RE: Regarding JSESSIONIDSSO Cookie maintained by tomcat

2014-06-19 Thread Radha Krishna Meduri -X (radmedur - HCL TECHNOLOGIES LIMITED at Cisco)
ding JSESSIONIDSSO Cookie maintained by tomcat Hi, > -Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Wednesday, June 18, 2014 4:23 PM > To: Tomcat Users List > Subject: Re: Regarding JSESSIONIDSSO Cookie maintained by tomcat >

Fwd: Regarding JSESSIONIDSSO Cookie maintained by tomcat

2014-06-18 Thread lodasn
Please get me out of the mailing list. Thank you. -- Forwarded message -- From: Konstantin Preißer Date: 2014-06-19 0:05 GMT+08:00 Subject: RE: Regarding JSESSIONIDSSO Cookie maintained by tomcat To: Tomcat Users List Hi, > -Original Message- > From: Christopher S

RE: Regarding JSESSIONIDSSO Cookie maintained by tomcat

2014-06-18 Thread Konstantin Preißer
Hi, > -Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Wednesday, June 18, 2014 4:23 PM > To: Tomcat Users List > Subject: Re: Regarding JSESSIONIDSSO Cookie maintained by tomcat > > -BEGIN PGP SIGNED MESSAG

Re: Regarding JSESSIONIDSSO Cookie maintained by tomcat

2014-06-18 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Konstantin, On 6/18/14, 5:34 AM, Konstantin Kolinko wrote: > 2014-06-18 11:57 GMT+04:00 Konstantin Kolinko > : >>> >>> HTTP/1.1 302 Found Set-Cookie: >>> JSESSIONIDSSO=CF7B7727443A3AAD1AC3AA033E4D98BE; Expires=Thu, >>> 01-Jan-1970 00:00:10 GMT Prag

Re: Regarding JSESSIONIDSSO Cookie maintained by tomcat

2014-06-18 Thread Konstantin Kolinko
2014-06-18 11:57 GMT+04:00 Konstantin Kolinko : >> >> HTTP/1.1 302 Found >> Set-Cookie: JSESSIONIDSSO=CF7B7727443A3AAD1AC3AA033E4D98BE; Expires=Thu, >> 01-Jan-1970 00:00:10 GMT >> Pragma: No-cache >> Cache-Control: no-cache >> Expires: Thu, 01 Jan 1970 00:00:00 UTC >> Set-Cookie: JSESSIONID=235F42

Re: Regarding JSESSIONIDSSO Cookie maintained by tomcat

2014-06-18 Thread Konstantin Kolinko
2014-06-18 12:13 GMT+04:00 Radha Krishna Meduri -X (radmedur - HCL TECHNOLOGIES LIMITED at Cisco) : > Thanks Konstantin for your quick reply. > Actually Security Scanners are thinking that "secure" and "httpOnly" flag is > not set and raising it as an issue. I would like to set these values by overridin

RE: Regarding JSESSIONIDSSO Cookie maintained by tomcat

2014-06-18 Thread Radha Krishna Meduri -X (radmedur - HCL TECHNOLOGIES LIMITED at Cisco)
exact value. One can argue still this is vulnerable through MitM as the JSESSIONIDSSO cookie value is present. What do you think? -Original Message- From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] Sent: Wednesday, June 18, 2014 1:27 PM To: Tomcat Users List Subject: Re: Regarding JSESSIO

Re: Regarding JSESSIONIDSSO Cookie maintained by tomcat

2014-06-18 Thread Konstantin Kolinko
2014-06-18 10:45 GMT+04:00 Radha Krishna Meduri -X (radmedur - HCL TECHNOLOGIES LIMITED at Cisco) : > Hi Tomcat Users, > > We are using Tomcat 6.0.37 version. I have a few questions regarding > JSESSIONIDSSO cookie generated by tomcat. > As you know, in general each cookie needs to set "httpOnly" an

RE: Regarding JSESSIONIDSSO Cookie maintained by tomcat

2014-06-17 Thread Radha Krishna Meduri -X (radmedur - HCL TECHNOLOGIES LIMITED at Cisco)
Hi Tomcat Users, We are using Tomcat 6.0.37 version. I have a few questions regarding JSESSIONIDSSO cookie generated by tomcat. As you know, in general each cookie needs to set "httpOnly" and "Secure" flags. I understand both JSESSIONID and JSESSIONIDSSO cookies are maintained by Tomcat for sessi