On 29/11/2013 13:55, at.silk wrote: > Hi, > > I'm a senior consultant and I contact you to talk about an exception > that we receive in a Tomcat class. > > Few days ago we get an error in an application integrated with > Tomcat. The exception is raised by Tomcat so a blank page is > displayed in our portal application. We have tried to get information > about it but we don't find any solution, so we would like to know if > you are aware about this issue. > > The exception is related to session expiration, and concretely is > produced in this section: > [org\apache\catalina\connector\CoyoteAdapter.java] Method > parseSessionSslId: > request.setRequestedSessionId(request.getAttribute(SSLSupport.SESSION_ID_KEY).toString()); > > request.setRequestedSessionSSL(true); > > The exception is raised when the session id is empty due to we have > an expired session.
How is that possible? If there is no SSL session the client should not be able to send a request to Tomcat since that would mean that the HTTPS connection had not been established. Since this code is only triggered when parsing a request from the client this error should never be observed. > We have protected with a try catch this code > section and now our application does not receive the error and we can > see our page displayed, obviously with the invalid session. > > Context: - Tomcat version: 7.0.25 - OS: Linux distribution - Liferay > 6.1GA1 portal integrated with Tomcat - We don't negotiate user > session by the sessionid with the cookie but with the certificate. - > Tomcat server.xml configuration: <!-- Define an AJP 1.3 Connector on > port 8009 --> <Connector URIEncoding="UTF-8" port="8009" > protocol="AJP/1.3" redirectPort="8080" scheme="http" secure="false" > /> <!-- Define an AJP 1.3 Connector on port 8010 --> <Connector > URIEncoding="UTF-8" port="8010" protocol="AJP/1.3" > redirectPort="8443" scheme="https" secure="true" /> <Connector > URIEncoding="UTF-8" port="8080" connectionTimeout="20000" > protocol="HTTP/1.1"/> <Connector URIEncoding="UTF-8" port="8443" > protocol="HTTP/1.1" SSLEnabled="true" clientAuth="false" > keystoreFile="xxx" keystorePass="yyy" keystoreType="PKCS12" > maxThreads="150" scheme="https" secure="true" sslProtocol="TLS"/> > > Do you think that it could be considered for next Tomcat versions? Based on the information provided to date, no. With a better explanation of what is going on and why this is a Tomcat bug, maybe. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
