2011/11/19 al pl <uhotsp...@gmail.com>: > Chuck, > > Regarding the browser it happens in both Chrome and IE and I don't think it > is browser related. > And regarding the cache header directives since that page is coming from a > secured location per > http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html I changed the > Form Authenticator valve so it send the same header as tomcat 6. Here is > the new header coming from tomcat 7: > > Server Apache-Coyote/1.1 > Pragma No-cache > Cache-Control no-cache > Expires Wed, 31 Dec 1969 16:00:00 PST > Accept-Ranges bytes > Etag W/"42566016-1196152620000" > Last-Modified Tue, 27 Nov 2007 08:37:00 GMT > Content-Type video/x-ms-wmv > Content-Length 42566016 > Date Fri, 18 Nov 2011 23:34:49 GMT >
That is what you see from browser? The requests send by browser and by Windows Media player might be different! (You will have to inspect network traffic to figure that. There are several tools available e.g. Wireshark and Fiddler2) The FORM Authentication actually relies on cookies. That is, your credentials are linked to your session cookie. In Tomcat 7 the session cookie is sent with HttpOnly flag by default. That is it is visible to Browser only, but not visible to JavaScript scripts or browser plugins. That is done for your safety, because it prevents certain types of attacks. It might be that the player tries to access the resource without valid cookie and receives Login form page as the response. I think AccessLog will show how many bytes were transferred. Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
