Posted to users@tomcat.apache.org by Martin Gainty <mg...@hotmail.com> on 2007/12/01 00:06:44 UTC

Re: SSL Session expires every request

Barbara

Filip asks if you are using
non SSL HTTP/1.1 HTTPConnector  ***or***
SSL HTTP/1.1 Connector (presumably with Client certs)

?
M--
----- Original Message -----
From: "Filip Hanik - Dev Lists" <de...@hanik.com>
To: "Tomcat Users List" <us...@tomcat.apache.org>
Sent: Friday, November 30, 2007 2:16 PM
Subject: Re: SSL Session expires every request


> what session are you talking about, the HTTP session or the actual SSL
> session?
>
> Filip
>
> Bárbara Vieira wrote:
> >
> >
> > Hi there!!
> >
> > I have a problem with SSL Session in Tomcat. I’m using CLIENT_CERT
> > authentication to authenticate users in my web application. But the
> > session expires at every request, in all browsers: Opera, IE, Firefox and
> > Netscape. This does not make any sense, and I don’t know how to solve this
> > problem :(
> >
> > If somebody can help, I really appreciate that.
> >
> >
> >
> > Thanks for everything,
> >
> > Regards from Braga, Portugal
> >
> > Bárbara Vieira
> >
> >
> >
> >
> >
> > ------------------------------------------------------------------------
> >
> > No virus found in this incoming message.
> > Checked by AVG Free Edition.
> > Version: 7.5.503 / Virus Database: 269.16.10/1160 - Release Date: 11/29/2007 8:32 PM
> >
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>



RE: SSL Session expires every request

Posted by Bárbara Vieira <ba...@di.uminho.pt>.
Hi Chuck!!!
Thanks for your help!! The problem is solved :) I don't know what the
problem was, but it is somewhere in my web application. I discovered that when I
tried to create a new web application with the same basic configurations. In
my new web application the session is maintained and everything works fine!!
Thanks anyway :-)

Regards from Braga, Portugal
Bárbara Vieira  

-----Original Message-----
From: Caldarale, Charles R [mailto:Chuck.Caldarale@unisys.com] 
Sent: sábado, 1 de Dezembro de 2007 18:46
To: Tomcat Users List
Subject: RE: SSL Session expires every request

> From: Bárbara Vieira [mailto:barbarasv@di.uminho.pt] 
> Subject: RE: SSL Session expires every request
> 
> However, when the user is authenticated using a CERT,
> all the sessions are null : HttpSession in Servlets and
> Session(Internal Session) in my Valve.

The info is interesting, but you didn't answer my question:

> > How are you retrieving the session?  A code sample would be good.

Note that the Servlet API spec indicates that
HttpServletRequest.getSession() should be called prior to committing the
response; are you complying with that?

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you received
this in error, please contact the sender and delete the e-mail and its
attachments from all computers.


RE: SSL Session expires every request

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Bárbara Vieira [mailto:barbarasv@di.uminho.pt] 
> Subject: RE: SSL Session expires every request
> 
> However, when the user is authenticated using a CERT,
> all the sessions are null : HttpSession in Servlets and
> Session(Internal Session) in my Valve.

The info is interesting, but you didn't answer my question:

> > How are you retrieving the session?  A code sample would be good.

Note that the Servlet API spec indicates that HttpServletRequest.getSession() should be called prior to committing the response; are you complying with that?

 - Chuck
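
A diagnostic servlet for the two questions raised in this thread (HTTP session versus SSL session, and calling `getSession()` before the response is committed). It is an added example, not code from any poster; the class name `SessionProbeServlet` is hypothetical, and `javax.servlet.request.ssl_session` is the older Tomcat-specific attribute name used as a fallback.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical diagnostic servlet (added example). Map it under the
// CLIENT_CERT-protected URL pattern and reload it a few times.
public class SessionProbeServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // 1. Look without creating: null means no valid HTTP session
        //    arrived with this request.
        HttpSession before = req.getSession(false);

        // 2. Create the session BEFORE writing any output. Once the response
        //    is committed the session cookie can no longer be sent, and
        //    getSession() throws IllegalStateException.
        HttpSession session = req.getSession(true);

        // 3. TLS-level identity, which is independent of the HTTP session.
        Object sslId = req.getAttribute("javax.servlet.request.ssl_session_id");
        if (sslId == null) { // older Tomcat-specific attribute name
            sslId = req.getAttribute("javax.servlet.request.ssl_session");
        }
        X509Certificate[] chain = (X509Certificate[])
                req.getAttribute("javax.servlet.request.X509Certificate");

        resp.setContentType("text/plain");
        PrintWriter out = resp.getWriter();
        out.println("secure             = " + req.isSecure());
        out.println("principal          = " + req.getUserPrincipal());
        out.println("client cert        = " + (chain == null ? null
                : chain[0].getSubjectX500Principal().getName()));
        out.println("ssl session id     = " + sslId);
        out.println("requested sess id  = " + req.getRequestedSessionId());
        out.println("requested valid    = " + req.isRequestedSessionIdValid());
        out.println("id from cookie     = " + req.isRequestedSessionIdFromCookie());
        out.println("session on arrival = " + (before == null ? null : before.getId()));
        out.println("session now        = " + session.getId()
                + " (new=" + session.isNew() + ")");
    }
}
```

A different `session now` value with `new=true` on every reload, while the principal and client certificate stay the same, places the problem in HTTP session tracking or in application code that discards the session, not in the TLS layer.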



RE: SSL Session expires every request

Posted by Bárbara Vieira <ba...@di.uminho.pt>.
Hi Chuck!
That's what I'm doing:

- I have implemented a valve that extends FormAuthenticator to provide 2
authentication methods at the same time: FORM and CLIENT_CERT.

- Until this week everything worked fine: I could authenticate the users with
2 authentication methods, and the session was maintained. Yesterday, when I
tried to access HttpSession in Servlets, what happened was: when the user
is authenticated using the FORM method, HttpSession isn't null in servlets,
and neither is the internal session (Session) in the valve. However, when the
user is authenticated using a CERT, all the sessions are null: HttpSession in
Servlets and Session (Internal Session) in my Valve.

- Well, I thought that the problem was in my valve, so I disabled my valve,
and in my web application I configured only one authentication method -
CLIENT_CERT. However, the HttpSession was still null.

- The strange thing is that everything works fine - I can authenticate the
user using the CLIENT_CERT method, return the requested URL to him, and I
have access to the Principal in the HttpServletRequest object. But there
is no session.

- I also checked whether the browsers accept cookies, and they do.

Do you have any idea what's happening?!
Thanks,
Regards from Braga, Portugal
Bárbara Vieira
  

-----Original Message-----
From: Caldarale, Charles R [mailto:Chuck.Caldarale@unisys.com] 
Sent: sábado, 1 de Dezembro de 2007 00:30
To: Tomcat Users List
Subject: RE: SSL Session expires every request

> From: Bárbara Vieira [mailto:barbarasv@di.uminho.pt] 
> Subject: RE: SSL Session expires every request
> 
> HttpSession wasn't null in the beginning, when I started
> my implementation. However, now is null in every request.

How are you retrieving the session?  A code sample would be good.

 - Chuck



RE: SSL Session expires every request

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Bárbara Vieira [mailto:barbarasv@di.uminho.pt] 
> Subject: RE: SSL Session expires every request
> 
> HttpSession wasn't null in the beginning, when I started
> my implementation. However, now is null in every request.

How are you retrieving the session?  A code sample would be good.

 - Chuck



RE: SSL Session expires every request

Posted by Bárbara Vieira <ba...@di.uminho.pt>.
Hi Martin!
I'm using 2 connectors: non-SSL HTTP/1.1 Connector on port 8080 and SSL
HTTP/1.1 Connector on port 8443. Tomcat's connectors are very well
configured, because HttpSession wasn't null in the beginning, when I started
my implementation. However, now it is null in every request. I can authenticate
the client, and the request has a principal that is not null. But the session is
strangely null.
