Christopher Schultz-2 wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Iain,
>
> On 2/19/2010 7:02 AM, iainmac wrote:
>> I have just moved from 5.0.18 to 6.0.24 using JSSE for SSL.
>>
>> I have a web application that checks for a current session, and if there
>> isn't one it sends the user to a login screen. This is working fine from
>> Explorer as it did before in the previous version of Tomcat, but it keeps
>> saying the session is new in Firefox, Safari and Chrome.
>>
>> In the jsp, this keeps taking me back to the login screen...
>>
>> if (session.getAttribute("userName")==null){
>> response.sendRedirect("login.jsp");
>> return;
>> }
>
> You might want to provide more information, such as:
>
---------------------------
1. When do you set the "userName" attribute in the session?
On validation of the user.
2. When does authentication occur? How? Container-based, or your own?
I so also have container based as well as my own.
3. When does the session appear to be reset?
It's clear whats happenign - just not sure why:
1. From logon screen a new session is created, against that the username and
other attributes are stored.
2. After the logn screen does this it then redirects to the actual page I
need.
3. This page is made up of a parent frame and 2 sub-frames.
4. The parent frame (the named page that the redirect is to) does that check
above i.e. tries to get the Username from the session object- This works
successfully. This page begins to load.
5. The first sub-frame begins to lad, tries the same check - in MSIE (and in
Tomcat 5.0.28 other browers too) we are given the same validated session, so
all works fine. In other browsers with 6.0.24 a new session is given, and
so I am again redirected to the logon page! In a loop! Same this happens
with second sub frame.
As a work around I have simply rewritten my pages not to use frames, all
works fine. I do wish new versions would keep default behaviour or make it
clear the default behaviour has changed. I think its related to the session
hijacking mentioned in the other reply, but i didn't understand all on the
linked page.
---------------------------
Christopher Schultz-2 wrote:
>
> I'm surprised this is working any differently in MSIE than other
> browsers. Are you using any kind of javascript to drive this behavior?
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkt+rlIACgkQ9CaO5/Lv0PA0GwCfYs+5Cgte9Y3dW+Xo8gEwWUcj
> 4mIAoKNEastlN4BmGe9pBUWrq/uxwSqG
> =pfbY
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
>
--
View this message in context:
http://old.nabble.com/6.0.24-SSL-Session-always-New-tp27652568p27658575.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
