Don't assume your SSL session or connection hasn't been invalidated just because you aren't asked to choose a certificate from your browser certs when you log in again. In our system (Tomcat 5.5.33), I know that our HTTP session and Single Sign-on session are invalidated upon logout, and we see similar behavior (no need to select certificate) upon re-login because the browser caches the user's certificate choice (and smart card PIN). Is your session ID the same when you go back in?
If you are using IE and you want to clear the browser cache to select another certificate, go to Tools->Internet Options, select Content tab, and click Clear SSL state.

-----Original Message-----
From: users-return-227483-STEVEN.J.ADAMUS=saic....@tomcat.apache.org [mailto:users-return-227483-STEVEN.J.ADAMUS=saic....@tomcat.apache.org] On Behalf Of Jürgen Jakobitsch
Sent: Tuesday, September 06, 2011 3:12 PM
To: Tomcat Users List
Subject: Re: SSLSession invalidate

thanks mark,

if i understand you correctly, it is simply NOT possible to invalidate the SSLSession of which i can get the id with request.getAttribute("javax.servlet.request.ssl_session") (it works with this key in 6.0.32)

wkr turnguard

----- Original Message -----
From: "Mark Thomas" <ma...@apache.org>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Wednesday, September 7, 2011 12:08:29 AM
Subject: Re: SSLSession invalidate

On 06/09/2011 22:42, Jürgen Jakobitsch wrote:
> apparently there is one, i can get its id with
> request.getAttribute("javax.servlet.request.ssl_session")

That is a Tomcat bug. It should be javax.servlet.request.ssl_session_id

> in tomcat7 there's the possibility to use SSLSessionManager to
> invalidate SSLSession, so i'm doing a wild guess, that something similar has
> to be possible with tomcat6 as well.

Your wild guess is wrong. That feature is in Tomcat 7 onwards.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

--
| Jürgen Jakobitsch,
| Software Developer
| Semantic Web Company GmbH
| Mariahilfer Straße 70 / Neubaugasse 1, Top 8
| A - 1070 Wien, Austria
| Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22

COMPANY INFORMATION
| http://www.semantic-web.at/

PERSONAL INFORMATION
| web : http://www.turnguard.com
| foaf : http://www.turnguard.com/turnguard
| skype : jakobitsch-punkt
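
The Tomcat 7 mechanism mentioned in the thread, as an added example that is not part of any message above: a logout servlet that invalidates the HTTP session and then the TLS session through SSLSessionManager. The servlet class name is hypothetical; the request attribute keys are the ones Tomcat 7 uses, and the manager attribute is assumed to be absent on Tomcat 6 or on a non-TLS connector, which the code handles.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.tomcat.util.net.SSLSessionManager;

// Hypothetical logout servlet (added example); needs Tomcat 7 or later.
public class TlsLogoutServlet extends HttpServlet {
    private static final String SSL_ID_ATTR = "javax.servlet.request.ssl_session_id";
    private static final String SSL_MGR_ATTR = "javax.servlet.request.ssl_session_mgr";

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // 1. Standard HTTP session invalidation.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }

        // 2. Remember the TLS session id so the next login can be compared
        //    against it; the browser may not prompt for a certificate again
        //    even though the server-side TLS session is gone.
        Object oldSslId = request.getAttribute(SSL_ID_ATTR);

        // 3. Invalidate the TLS session. The manager is null when the request
        //    did not arrive over TLS or the container does not provide it.
        Object mgr = request.getAttribute(SSL_MGR_ATTR);
        boolean tlsInvalidated = false;
        if (mgr instanceof SSLSessionManager) {
            ((SSLSessionManager) mgr).invalidateSession();
            tlsInvalidated = true;
        }

        // 4. The TLS session stays usable on this connection until it closes,
        //    so ask for the connection to be closed after the response.
        response.setHeader("Connection", "close");

        log("logout: tls_session_id=" + oldSslId + " invalidated=" + tlsInvalidated);
        response.setContentType("text/plain");
        response.getWriter().println("tls_session_invalidated=" + tlsInvalidated);
    }
}
```

Comparing the logged id with the value of `javax.servlet.request.ssl_session_id` on the next login shows whether a new TLS session was negotiated, independent of whether the browser prompted for a certificate.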