Re: SSL/HTTPS forwarding under Apache + mod_jk + tomcat

[Bill Davidson <bi...@gmail.com>]

Bill Davidson wrote:
> André Warnier wrote:
>> By the way, the reason why I can't try it right now is that I just 
>> don't have the application to try it with.  So whatever I mentioned 
>> before (but which apprently so far seems ok) was purely by attempting 
>> to understand the documentation. Beware.
> 
> I tried it today.  I disabled my cookie hack and set JkExtractSSL to off.
> It seems to work fine.  Obviously, I want to do a lot more testing but
> initially, it seems to look good.

There's a problem.

Unfortunately, we have a servlet in our app that calls request.isSecure()
to make sure that it's on a secure connection and because of
"JkExtractSSL off" it doesn't know whether it's on a secure connection
or not.  request.isSecure() will always return false because mod_jk
no longer tells it anything about SSL.

So I'm back to hacking the cookie.

I really want to just get rid of httpd and run Tomcat standalone.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org