-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 To whom it may concern,
On 1/15/2011 7:36 AM, spr...@gmx.eu wrote: >> Well, saying you use Form auth was misleading, wasn't it? > > Is called FormAuth in Spring too. While that may be true, simply stating that you are using FORM authentication usually leads people to think that you are using the container's FORM authenticator. Were we supposed to guess that you were using Spring? >> If you're using Spring Security maybe your question would be better >> addressed to one of the Spring forums? > > Hm. But it works in TC 6.0 with the same version of spring. It is still worth asking the Spring folks. Presumably, they know how their authenticator interacts with various containers. >>>> Are you unable to retrieve the new session id? >>> This is all done magically by the Applet-Java-Runtime. >>> >> >> Really... ? > > Somehow the Java-Browser-Plugin is communicating with the browser and when > you are doing HTTP request from within an applet, the session cookie gets > automatically sent too. If the applet is sniffing the session id from the browser, then it should always be correct: when Tomcat changes your session id, it tells the browser what the new one is using a Set-Cookie response header. If that occurs /before/ the applet loads, then the applet should never see the old session id and you shouldn't have a problem. It sounds like your situation is a bit more complicated. Perhaps you could walk us through the scenario? - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk014DwACgkQ9CaO5/Lv0PCJGQCdFC/kQuZi2LS1RkhhdU8Og3Fc LIwAn1kBBzARx7+ChdLVtYe6LusEGrHv =mTkR -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
