users@glassfish.java.net

Re: ssl and session support

From: Jan Luehe <Jan.Luehe_at_Sun.COM>
Date: Tue, 16 Jan 2007 09:53:42 -0800

Hi Wolfram,

w.rittmeyer_at_jsptutorial.org wrote On 01/15/07 11:13 PM,:

>I've googled a bit - and have looked into the SJSAS developer and deployer guides - to see whether Glassfish supports SSL sessions as a means to provide http session handling - as stated in the servlet spec chapter SRV.7.1.2.
>
>But I couldn't find any hint that this would be the case.
>
>So I guess Glassfish does not support this as a third mechanism in addition to using cookies or url rewriting. Is this correct?
>
>

Correct, the servlet container in GlassFish does not use any SSL session
id to keep track
of its own sessions. Neither does Tomcat. Do you know any servlet
container that does?

Thanks,

Jan


>But if supported: How can I enable this (_do_ I have to enable this)? And how can I make use of SSL based sessions?
>
>
>Thx,
>
>Wolfram Rittmeyer
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>
>