Posted to users@tomcat.apache.org by Christopher Schultz <ch...@christopherschultz.net> on 2017/11/30 17:22:00 UTC

Re: unable to set the "secure="true" flag on server.xml

Naga,

On 11/30/17 12:11 PM, Naga Ramesh wrote:
> I have configured the tomcat8 version & used the AWS ELB, but I
> have set the “secure="true" flag on tomcat8/conf/server.xml file
> end, after that service started and login page came but I am unable
> to login the application and getting the oops session expired error
> message coming.

Please post your <Connector> configuration.

What did you expect secure="true" to actually do?

> Note: we have applied the SSL on AWS ELB end.

So you are terminating TLS at the ELB, right?

> ELB(https) -> tomcat-connector-8080

Traffic from ELB -> Tomcat is using HTTPS?

Why encrypt within your own VLAN?

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: unable to set the "secure="true" flag on server.xml

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Coty,

On 11/30/17 3:51 PM, Coty Sutherland wrote:
> On Thu, Nov 30, 2017 at 1:39 PM, Christopher Schultz 
> <ch...@christopherschultz.net> wrote: Naga,
> 
> On 11/30/17 12:29 PM, Naga Ramesh wrote:
>>>> Thanks Chris..
>>>> 
>>>> See the below output and here not showing the secure.
>>>> 
>>>> < HTTP/1.1 200 OK
>>>> < Set-Cookie: JSESSIONID=D14ACAB7CADB83FAD5C11296C75A09DB; Path=/; HttpOnly
>>>> < X-Frame-Options: DENY
>>>> < X-Content-Type-Options: nosniff
>>>> < X-XSS-Protection: 1; mode=block
>>>> < Content-Type: text/html;charset=ISO-8859-1
>>>> < Content-Length: 5472
>>>> < Date: Thu, 30 Nov 2017 17:26:37 GMT
>>>> < Server:
> 
> HTTP response headers don't say anything about "secure" anyway.

Agreed. I'm trying to get the OP to tell us what the desired behavior
is, AND what the experienced behavior is instead.

-chris


Re: unable to set the "secure="true" flag on server.xml

Posted by Coty Sutherland <cs...@apache.org>.
On Thu, Nov 30, 2017 at 1:39 PM, Christopher Schultz
<ch...@christopherschultz.net> wrote:
> Naga,
>
> On 11/30/17 12:29 PM, Naga Ramesh wrote:
>> Thanks Chris..
>>
>> See the below output and here not showing the secure.
>>
>> < HTTP/1.1 200 OK
>> < Set-Cookie: JSESSIONID=D14ACAB7CADB83FAD5C11296C75A09DB; Path=/; HttpOnly
>> < X-Frame-Options: DENY
>> < X-Content-Type-Options: nosniff
>> < X-XSS-Protection: 1; mode=block
>> < Content-Type: text/html;charset=ISO-8859-1
>> < Content-Length: 5472
>> < Date: Thu, 30 Nov 2017 17:26:37 GMT
>> < Server:
>
> HTTP response headers don't say anything about "secure" anyway.

Actually, they do :) Setting a cookie to secure keeps it from being
transmitted over HTTP.

Set-Cookie: JSESSIONID=07429A0D611B540BF985E10197241E5D; Path=/;
Secure; HttpOnly

>
> What are you trying to accomplish, and what have you tried?
>
> I'm not sure secure="true" does what you think it does.
>
> Please answer the questions I asked in my previous post. They will go
> a long way toward helping you.

That would definitely help.

>
> -chris
>
>> -----Original Message----- From: Christopher Schultz
>> [mailto:chris@christopherschultz.net] Sent: Thursday, November 30,
>> 2017 10:52 PM To: users@tomcat.apache.org Subject: Re: unable to
>> set the "secure="true" flag on server.xml
>>
>> Naga,
>>
>> On 11/30/17 12:11 PM, Naga Ramesh wrote:
>>> I have configured the tomcat8 version & used the AWS ELB, but I
>>> have set the “secure="true" flag on tomcat8/conf/server.xml file
>>> end, after that service started and login page came but I am
>>> unable to login the application and getting the oops session
>>> expired error message coming.
>>
>> Please post your <Connector> configuration.
>>
>> What did you expect secure="true" to actually do?
>>
>>> Note: we have applied the SSL on AWS ELB end.
>>
>> So you are terminating TLS at the ELB, right?
>>
>>> ELB(https) -> tomcat-connector-8080
>>
>> Traffic from ELB -> Tomcat is using HTTPS?
>>
>> Why encrypt within your own VLAN?
>>
>> -chris

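Added example, not part of the thread: a Python sketch that pulls the two Set-Cookie headers quoted above out of curl -v style output and models the Secure attribute described in the reply above, i.e. whether a browser would return the cookie over http or https. The function names are illustrative, and the browser model covers only the Secure attribute.

```python
# Added example; the two Set-Cookie values are the ones quoted in this thread.
CURL_WITHOUT_SECURE = """\
< HTTP/1.1 200 OK
< Set-Cookie: JSESSIONID=D14ACAB7CADB83FAD5C11296C75A09DB; Path=/; HttpOnly
< X-Frame-Options: DENY
"""
CURL_WITH_SECURE = """\
< HTTP/1.1 200 OK
< Set-Cookie: JSESSIONID=07429A0D611B540BF985E10197241E5D; Path=/; Secure; HttpOnly
"""


def parse_set_cookies(curl_verbose):
    """Return one dict per Set-Cookie header: name, value, lower-cased attributes."""
    cookies = []
    for line in curl_verbose.splitlines():
        header, sep, rest = line.lstrip("< ").partition(":")
        if not sep or header.strip().lower() != "set-cookie":
            continue
        parts = [p.strip() for p in rest.split(";") if p.strip()]
        if not parts:  # "Set-Cookie:" with nothing after it
            continue
        name, _, value = parts[0].partition("=")
        attrs = {}
        for part in parts[1:]:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
        cookies.append({"name": name, "value": value, "attrs": attrs})
    return cookies


def browser_would_send(cookie, scheme):
    """A cookie carrying Secure is returned only on https requests."""
    return scheme == "https" or "secure" not in cookie["attrs"]


def audit(curl_verbose):
    """Per cookie: which flags are set and which schemes it travels over."""
    return [{
        "name": c["name"],
        "secure": "secure" in c["attrs"],
        "httponly": "httponly" in c["attrs"],
        "sent_over_http": browser_would_send(c, "http"),
        "sent_over_https": browser_would_send(c, "https"),
    } for c in parse_set_cookies(curl_verbose)]


if __name__ == "__main__":
    for sample in (CURL_WITHOUT_SECURE, CURL_WITH_SECURE):
        print(audit(sample))
```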


Re: unable to set the "secure="true" flag on server.xml

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Naga,

On 11/30/17 12:29 PM, Naga Ramesh wrote:
> Thanks Chris..
> 
> See the below output and here not showing the secure.
> 
> < HTTP/1.1 200 OK
> < Set-Cookie: JSESSIONID=D14ACAB7CADB83FAD5C11296C75A09DB; Path=/; HttpOnly
> < X-Frame-Options: DENY
> < X-Content-Type-Options: nosniff
> < X-XSS-Protection: 1; mode=block
> < Content-Type: text/html;charset=ISO-8859-1
> < Content-Length: 5472
> < Date: Thu, 30 Nov 2017 17:26:37 GMT
> < Server:

HTTP response headers don't say anything about "secure" anyway.

What are you trying to accomplish, and what have you tried?

I'm not sure secure="true" does what you think it does.

Please answer the questions I asked in my previous post. They will go
a long way toward helping you.

-chris

> -----Original Message----- From: Christopher Schultz
> [mailto:chris@christopherschultz.net] Sent: Thursday, November 30,
> 2017 10:52 PM To: users@tomcat.apache.org Subject: Re: unable to
> set the "secure="true" flag on server.xml
> 
> Naga,
> 
> On 11/30/17 12:11 PM, Naga Ramesh wrote:
>> I have configured the tomcat8 version & used the AWS ELB, but I
>> have set the “secure="true" flag on tomcat8/conf/server.xml file
>> end, after that service started and login page came but I am
>> unable to login the application and getting the oops session
>> expired error message coming.
> 
> Please post your <Connector> configuration.
> 
> What did you expect secure="true" to actually do?
> 
>> Note: we have applied the SSL on AWS ELB end.
> 
> So you are terminating TLS at the ELB, right?
> 
>> ELB(https) -> tomcat-connector-8080
> 
> Traffic from ELB -> Tomcat is using HTTPS?
> 
> Why encrypt within your own VLAN?
> 
> -chris


RE: unable to set the "secure="true" flag on server.xml

Posted by Naga Ramesh <na...@manthan.com>.
Thanks Chris..

See the below output and here not showing the secure.

< HTTP/1.1 200 OK
< Set-Cookie: JSESSIONID=D14ACAB7CADB83FAD5C11296C75A09DB; Path=/; HttpOnly
< X-Frame-Options: DENY
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Content-Type: text/html;charset=ISO-8859-1
< Content-Length: 5472
< Date: Thu, 30 Nov 2017 17:26:37 GMT
< Server:


Regards,
Naga Ramesh

-----Original Message-----
From: Christopher Schultz [mailto:chris@christopherschultz.net] 
Sent: Thursday, November 30, 2017 10:52 PM
To: users@tomcat.apache.org
Subject: Re: unable to set the "secure="true" flag on server.xml

Naga,

On 11/30/17 12:11 PM, Naga Ramesh wrote:
> I have configured the tomcat8 version & used the AWS ELB, but I have 
> set the “secure="true" flag on tomcat8/conf/server.xml file end, after 
> that service started and login page came but I am unable to login the 
> application and getting the oops session expired error message coming.

Please post your <Connector> configuration.

What did you expect secure="true" to actually do?

> Note: we have applied the SSL on AWS ELB end.

So you are terminating TLS at the ELB, right?

> ELB(https) -> tomcat-connector-8080

Traffic from ELB -> Tomcat is using HTTPS?

Why encrypt within your own VLAN?

-chris