You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Oliver Schoenwald <ol...@fernuni-hagen.de> on 2005/07/19 16:03:25 UTC

SSL Sessions in Tomcat 5.5.4

Hello,

how do I track sessions without using cookies or URL-writing?
Following the Servlet API 2.3, the third way to track sessions is by 
using the SSL-Layer to hold the ID.
I have tried that out with my installation (Apache 2.0.47, mod_jk2, 
Tomcat 5.5.4) and followed the
configuration hints about mod_jk and ssl.
However, using form-based authentication, the server seems not to save 
any session id as an attribute, ssl or anything.
In Bugzilla there was something about using  
request.getAttribute("javax.servlet.request.key_size") which would
"activate" another attribute which one should get with 
request.getAttribute("javax.servlet.request.ssl_session").
I tried that out - no effect.

Does someone use session tracking under SSL with a similar configuration 
like mine above? How do you set/access
the session id and get hold of the Session (or SSLSession)?

Thank you in advance,

Oliver Schönwald
University of Hagen, Germany


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org