On 15/12/2009 13:09, vramanaj wrote:
>
> I am not sure whether i can post this here or not. But i want to try my luck.
Please don't hijack threads. Many members of this list will ignore posts
that hijack other threads.
Mark
-
J7Ew/gW
> f9MAnjeIMMSJhO3et+EXonxuZW7o7/Et
> =L5et
> -END PGP SIGNATURE-
>
> -----
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: use
Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Joe,
On 10/28/2009 11:55 AM, Joe Wallace wrote:
From Firefox Live HTTP Headers
Set-Cookie: JSESSIONID=B4F06784FE4EAA0A7C9830BBF86D85B4; Path=/inetwork; Secure
Location: https://216.94.100.154/inetwork/Start.jsp
H.
OK. Thanks to all.
Joe
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Wednesday, October 28, 2009 12:40 PM
To: Tomcat Users List
Cc: p...@pidster.com
Subject: Re: SessionID cookie not secure over SSL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Joe,
On 10/28/2009 11:55 AM, Joe Wallace wrote:
> From Firefox Live HTTP Headers
>
> Set-Cookie: JSESSIONID=B4F06784FE4EAA0A7C9830BBF86D85B4; Path=/inetwork;
> Secure
> Location: https://216.94.100.154/inetwork/Start.jsp
>
> H. That looks like
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Joe,
On 10/27/2009 5:34 PM, Joe Wallace wrote:
> Hi Chris,
> You wrote:
>> Tomcat will create its JSESSIONID cookie like this in all cases:
>
>> Cookie cookie = new Cookie("JSESSIONID", sessionId);
>> if(request.isSecure())
>> cookie.setSecure(true)
kie" + i + " value= " +
c[i].getValue());
System.out.println(" Cookie" + i + " isSecure=" +
c[i].getSecure());
}
}
JW
-Original Message-
From: Pid [mailto:p...@pidster.com]
Sent: Wednesday, October 28, 2009 9:52 AM
To: Tomcat Use
Pid wrote:
On 27/10/2009 22:31, Joe Wallace wrote:
André Warnier wrote:
Am I mistaken then to think that since the connection B from IIS to
Tomcat is not over HTTPS but over AJP, Tomcat has no idea that HTTPS is
being used ?
Whatever consequences this has in the context (and which are beyond m
: SessionID cookie not secure over SSL
Joe Wallace wrote:
-Original Message-
From: André Warnier [mailto:a...@ice-sa.com]
Sent: Tuesday, October 27, 2009 4:48 PM
To: Tomcat Users List
Subject: Re: SessionID cookie not secure over SSL
Joe Wallace wrote:
I am using session cookies to
On 27.10.2009 22:10, André Warnier wrote:
> Joe Wallace wrote:
>>
>> -Original Message-
>> From: André Warnier [mailto:a...@ice-sa.com]
>> Sent: Tuesday, October 27, 2009 4:48 PM
>> To: Tomcat Users List
>> Subject: Re: SessionID cookie not secu
eturns true for request.isSecure()
calls Cookie.getSecure() and it returns false.
Joe
-Original Message-
From: André Warnier [mailto:a...@ice-sa.com]
Sent: Tuesday, October 27, 2009 5:11 PM
To: Tomcat Users List
Subject: Re: SessionID cookie not secure over SSL
Joe Wallace wrote:
>
>
Joe Wallace wrote:
-Original Message-
From: André Warnier [mailto:a...@ice-sa.com]
Sent: Tuesday, October 27, 2009 4:48 PM
To: Tomcat Users List
Subject: Re: SessionID cookie not secure over SSL
Joe Wallace wrote:
I am using session cookies to track sessions. I am used to Jrun
-Original Message-
From: André Warnier [mailto:a...@ice-sa.com]
Sent: Tuesday, October 27, 2009 4:48 PM
To: Tomcat Users List
Subject: Re: SessionID cookie not secure over SSL
>Joe Wallace wrote:
>> I am using session cookies to track sessions. I am used to Jrun where you
Joe Wallace wrote:
I am using session cookies to track sessions. I am used to Jrun where you
would specifically set the cookie to be sent only over SSL or https. This was
not the default setting. I want users to connect to my web site using https
then they might click a link on one of my we
er 27, 2009 4:07 PM
To: Tomcat Users List
Subject: Re: SessionID cookie not secure over SSL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Joe,
On 10/27/2009 5:00 PM, Joe Wallace wrote:
> I am using session cookies to track sessions. I am used to Jrun
> where you would specifically set the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Joe,
On 10/27/2009 5:00 PM, Joe Wallace wrote:
> I am using session cookies to track sessions. I am used to Jrun
> where you would specifically set the cookie to be sent only over SSL
> or https. This was not the default setting. I want users to co
protocal is not
secure. What is the behavior of the JSESSIONID cookie in this situation.
JW
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Tuesday, October 27, 2009 3:42 PM
To: Tomcat Users List
Subject: Re: SessionID cookie not secure over SSL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Joe,
(Can you fix your emailer to include thread-ids when replying to the
list? Your replies are not properly threaded, here.)
On 10/27/2009 4:12 PM, Joe Wallace wrote:
> I have a filter that calls
> Cookie.getName and
> Cookie.getSecure
> JSESSIONI
: Tomcat Users List
Subject: RE: SessionID cookie not secure over SSL
> From: Joe Wallace [mailto:j...@andar360.com]
> Subject: SessionID cookie not secure over SSL
>
> Is there a setting in Tomcat 6.0.2
Are you really using a version of Tomcat that old (Nov 2006)?
> to make the S
> From: Joe Wallace [mailto:j...@andar360.com]
> Subject: SessionID cookie not secure over SSL
>
> Is there a setting in Tomcat 6.0.2
Are you really using a version of Tomcat that old (Nov 2006)?
> to make the SessionID cookie secure
> when created over https when using
>
Is there a setting in Tomcat 6.0.2 to make the SessionID cookie secure when
created over https when using
AJP 1.3 connector for IIS?
JW
21 matches
Mail list logo
