You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Jean-frederic Clere <jf...@gmail.com> on 2006/05/04 08:15:54 UTC

Re: SSL-based SessionTracking/Management

Oliver Schoenwald wrote:

> Dear developers,
>
> I have developed an SSL-based SessionManagement for our university's
> e-learning system because I was unsuccessful to find any ability of 
> Tomcat 5
> to create and manage an SSLSession as in the JSSE-Specification.
> Several weeks of googling after such a feature and asking questions in 
> the
> tomcat-user-mailingliste resulted in practically nothing.
>
> Because we wanted a session management without having to force our 
> students
> to activate cookies and without having to do url-rewriting, I did my own
> development which resulted (after several refactorings) in our own 
> SessionManagement.
> However, this SessionManagement is only a subpackage of our 
> webapplication,
> which has also its own authentication mechanism due to other 
> requirements that
> were set by our users. So far, it is a quite proprietary solution that 
> might be changed
> to be integrated as an alternative SessionManagement component.

Do you use client certificates?

>
> I wonder if there is someone or some people who are interested in 
> SSL-based
> SessionManagement? Or maybe there is some well hidden development 
> underway
> with the same objective? Maybe we could exchange some experience and 
> ideas and
> even find a way to add SSL-based SessionManagement to coming Tomcat 
> versions?
>
> If I should have been just blind to such a feature in Tomcat and there 
> is already a
> working solution I apologize for this - in that case - unnecessary 
> question in advance.
> In that case I would be happy if someone could point me to the right 
> documentation
> or source code to at least find what I searched for before.
>
> Thank you,
>
> Oliver Schönwald
> University of Hagen
> Germany
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org