There's one thing you may do: implement an authentication web service on tomcat's side. Make a wsdl service running on it accepting request on whether given encrypted session id is a valid one, service does check either a running session use that id and simply replies OK or KO. But that means implementing a wsdl client on your php application ...
On Mon, May 4, 2009 at 10:40 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Tokajac, > > On 5/3/2009 2:06 PM, Tokajac wrote: > > User should access the application directly (not proxying). > > On > > http://hc.apache.org/httpclient-3.x/tutorial.html > > as I see header is created for programatic access and not via browser. > > > > Is it possible to do this when I use browser for accessing? How? > > I don't believe you can subvert the browser's security mechanisms like > this. If you could, I would consider that a bug in the web browser that > should be fixed. > > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkn/UqoACgkQ9CaO5/Lv0PCBUwCgk0+82UOsFkk/tZ6jZfzMDO3l > w9cAmwew87+S14BNfBEOqM7RwZiyf+Mn > =TgBV > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
