>
>
>
> No. That is by design. The session ID is almost as valuable as the
> password. If you need SSL to protect the password, you should use SSL to
> protect the session ID.
>
>
Well, that's fairly application specific, but the argument has also been
done to death elsewhere. Workaround is alread
Sam Gendler wrote:
> Is it possible that sessions aren't persistent when switching between
> connectors. The proxyPort attribute on the connector did fix my problem,
> but I've discovered that logging in over an https connection only works if I
> click the remember-me checkbox, which sets a cookie
That looks like it will work, but it doesn't explain why the connector would
think port 80 was appropriate. I could see port 8090 showing up, but given
that the scheme is https and there was no port number in the request, surely
it should have resolved that to port 443 instead of port 80? It just
Is it possible that sessions aren't persistent when switching between
connectors. The proxyPort attribute on the connector did fix my problem,
but I've discovered that logging in over an https connection only works if I
click the remember-me checkbox, which sets a cookie on the client and stores
s
2009/10/13 Sam Gendler :
> That method uses
> request.getScheme(), to retrieve "https" (correct) and
> request.getServerName() to get the correct host name. It then calls
> request.getServerPort(), which incorrectly returns the value of 80.
[...]
> What do I need to do to get the request to correc
For what it is worth, I confirmed that the same issue exists with the latest
6.0.20 release. I also confirmed that if I set up SSL to run on a
non-standard port (anything but 443), it works perfectly, because the port
number is correctly picked up from the Host header rather than being left at
the
[quickie synopsis]
A request arriving on a connector configured for scheme=https and with
secure=true is generating absolute redirect urls with scheme=https and port
= 80 (https://localhost:80/path.html) because incoming request was on 443
and didn't have an explicit port in the Host header.
[/quic
