[jboss-user] [Tomcat, HTTPD, Servlets & JSP] - OWASP StingerFilter and JESSSIONID versus JESSIONIDSSO
bezdomny
do-not-reply at jboss.com
Wed Apr 11 09:57:37 EDT 2007
I'm using 4.0.5.GA and I have enabled the org.apache.catalina.authenticator.SingleSignOn valve in tomcat/server.xml. I'm trying to protect my web apps using the OWASP Stinger servlet filter, specifically its cookie validation feature. I'm trying to determine when I will get a regular JESSSIONID and when I will get a JESSIONIDSSO? I have noticed that I get either a varied points when I enter my web app. My app is only accessible via SSL and I have configured the SSO valve to my domain, not just the app context. Also,
Is there an issue with session cookies and IE7?
Thanks!
B
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4036371#4036371
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4036371
More information about the jboss-user
mailing list