It is
easy enough to write a Valve to do this, but as I said, it won't work the
way you want it to. As such, I'd be against including it in Tomcat unless
you can write such a Valve and show that it works.
"atul" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTEC
I was wondering if a feature to achieve SSL "logout" would make it in here too
!
SSL Logout :
Provide a way to session-tear-off/logout for an authenticated session using
X509Certificate based client/mutual SSL. So that when the user tries to access
a protected resource again without closing t
client ssl re-negotiation after invalidating session
atul wrote:
> Is there a way in tomcat to re-negotiate client certificate after the http
> session has been invalidated (it had been successfully authenticated once
> before) in the app. i.e. without closing and starting a new clien
Is there a way in tomcat to re-negotiate client certificate after the http
session has been invalidated (it had been successfully authenticated once
before) in the app. i.e. without closing and starting a new client browser.
I tried accessing request attributes javax.servlet.request.X509Certifica
