SSL Session expires every request

Google

Mailing List

Home

Forum Home

JBoss - Java Application Server

Tomcat - JSP/Servlet container

Struts - A MVC web framework

iText - An open source PDF Java Library

JDOM - JDOM XML Parser

JSP - A mailing list about Java Server Pages specification and reference

J2EE - A mailing list for Java(tm) 2 Platform, Enterprise Edition

J2EE Pattern - An interest list for Sun Java Center J2EE Pattern Catalog

Servlet - A mailing list for discussion about Sun Microsystem's Java Servlet API Technology

Struts & Hibernate

Subjects

•	JSP editor plugin for eclipse ?
•	org apache jasper JasperException: Unable to compile class for JSP
•	Tomcat: Connection reset by peer: socket write error
•	Cannot retrieve definition for form bean null
•	Struts Tiles Tutorial (free Struts training)
•	Where do I download Tomcat 4 0 6?
•	Data Access Object (DAO) pattern, example DAO 's
•	Where to download Tomcat v 4 1 24 from?
•	Tomcat 5 0 16 Requested resource not available
•	Subject: Servlet : Session invalidate
•	Oracle Connection Pooling in 3 2 2
•	Servlet action is currently unavailable
•	Tomcat/Struts Unicode Encoding/Decoding problems
•	Subject: Running a Simple JMS Example
•	Tomcat and webapplication specific java library path
•	Mapping in workers2 properties
•	org apache jasper JasperException
•	problem with html:text bean throwing exception
•	Cannot find message resources under key org apache struts action MESSAGE
•	Cannot find message resources under key org apache struts action MESSAGE
•	invalid direct reference problem with solution
•	Tool for jsp debug Try Sysdeo Eclipse Plugin
•	Tomcat 5 Cannot load JDBC driver class 'null ' SQL state: null
•	weblogic ejbc
•	java properties file
•	Jboss 3 2 3 Coyote Can 't re
•	Tomcat 5, Apache2 and mod jk2 integration problem
•	JBoss example problem new to J2EE
•	Value attribute of <html:checkbox
•	url string for connecting jboss to oracle
•	javax servlet ServletException: BeanUtils populate
•	5 0 18: Windows XP Pro vs Windows 2000
•	HTTP Status 404 The requested resource is not available

SSL Session expires every request

SSL Session expires every request

2007-12-01 - By B?rbara Vieira

Back

Reply: 1 2 3 4 5 6 7 8 9 10

Hi Chuck!
That's what I'm doing :

- I had implemented a valve that extends FormAuthenticator to provide 2
authentications methods at the same time : FORM and CLIENT_CERT.

- Until this week everything worked fine : I can authenticate the users with
2 authentications methods, and the session is maintained. Yesterday, when I
try to accede to HttpSession in Servlets, what's happen was: when the user
is authenticated using FORM method, HttpSession isn't null in servlets,
neither internal session(Session) in valve. However, when the user is
authenticated using a CERT, all the sessions are null : HttpSession in
Servlets and Session(Internal Session) in my Valve.

- Well, I thought that the problem was in my valve, so I disable my valve,
and in my web application I configured only one authentication method -
CLIENT_CERT. However, the HttpSession was still null.

- The strange thing is that everything works fine - I can authenticate the
user using CLIENT_CERT method, and retrieve to him the requested URL and I
have access to Principal in the HttpServletRequest object. But, when there
is no session.

- I had checked if the browsers accept cookies too, and it accepts.

Do you have any idea of what's happen?!
Thanks,
Regards from Braga, Portugal
B?rbara Vieira

-- --Original Message-- --
From: Caldarale, Charles R [mailto:Chuck.Caldarale@(protected)]
Sent: s?bado, 1 de Dezembro de 2007 00:30
To: Tomcat Users List
Subject: RE: SSL Session expires every request

> From: B?rbara Vieira [mailto:barbarasv@(protected)]
> Subject: RE: SSL Session expires every request
>
> HttpSession wasn't null in the beginning, when I started
> my implementation. However, now is null in every request.

How are you retrieving the session? A code sample would be good.

- Chuck

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you received
this in error, please contact the sender and delete the e-mail and its
attachments from all computers.

-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
To start a new topic, e-mail: users@(protected)
To unsubscribe, e-mail: users-unsubscribe@(protected)
For additional commands, e-mail: users-help@(protected)

-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
To start a new topic, e-mail: users@(protected)
To unsubscribe, e-mail: users-unsubscribe@(protected)
For additional commands, e-mail: users-help@(protected)