[Bug 54340] Form-based authentication + url rewriting does not work

2013-01-04 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=54340 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

[Bug 54340] Form-based authentication + url rewriting does not work

2012-12-26 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=54340 --- Comment #2 from Koen Deforche --- Hey, Indeed, it looks like the same bug. I really did search the database, but, apparently, not good enough, so sorry for that. We will test with a more recent version (we tested with tomcat 7.0.26 and

[Bug 54340] Form-based authentication + url rewriting does not work

2012-12-21 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=54340 --- Comment #1 from Konstantin Kolinko --- 1. Tomcat version = ? I'd guess that you are facing bug 53584, which was fixed in 7.0.30. > On top of this (and perhaps related to these problems), in the actual web > application a different se

[Bug 54340] New: Form-based authentication + url rewriting does not work

2012-12-21 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=54340 Bug ID: 54340 Summary: Form-based authentication + url rewriting does not work Product: Tomcat 7 Version: unspecified Hardware: PC OS: Linux

DO NOT REPLY [Bug 49299] Servlet 3.0 ch.7.1.1 says that custom cookie name affects URL rewriting

2010-05-16 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=49299 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution|

DO NOT REPLY [Bug 49299] Servlet 3.0 ch.7.1.1 says that custom cookie name affects URL rewriting

2010-05-15 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=49299 --- Comment #1 from Mark Thomas 2010-05-15 19:24:26 EDT --- (In reply to comment #0) > 4. Expected result: if that phrase in 7.1.1 is to be followed, I would expect > the Reload link to be > > http://localhost:8080/cookiename/index.jsp;MYS

DO NOT REPLY [Bug 49299] New: Servlet 3.0 ch.7.1.1 says that custom cookie name affects URL rewriting

2010-05-15 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=49299 Summary: Servlet 3.0 ch.7.1.1 says that custom cookie name affects URL rewriting Product: Tomcat 7 Version: trunk Platform: PC OS/Version: Windows XP Status

Re: URL Rewriting

2008-12-28 Thread Jim Manico
Great, Mark, I'll add this as a bug and take it on. - Jim > Jim Manico wrote: > >> URL Rewriting is consider to be a significant security risk (session >> ID's get exposed in browser history, bookmarks, proxy servers and other >> server-side application lo

Re: URL Rewriting

2008-12-28 Thread Mark Thomas
Jim Manico wrote: > URL Rewriting is consider to be a significant security risk (session > ID's get exposed in browser history, bookmarks, proxy servers and other > server-side application logs). > > I would like to propose that we create a patch for Tomcat that allows &

URL Rewriting

2008-12-28 Thread Jim Manico
URL Rewriting is consider to be a significant security risk (session ID's get exposed in browser history, bookmarks, proxy servers and other server-side application logs). I would like to propose that we create a patch for Tomcat that allows URL Rewriting to be completely disable

RE: priority of session cookie and url rewriting

2008-01-21 Thread Daniele.Ulrich
January 20, 2008 6:33 PM To: Tomcat Developers List Subject: Re: priority of session cookie and url rewriting [EMAIL PROTECTED] wrote: > Is there another solution to this problem? The fix for bug 43839 should have fixed this. Mark ---

Re: priority of session cookie and url rewriting

2008-01-20 Thread Mark Thomas
[EMAIL PROTECTED] wrote: Is there another solution to this problem? The fix for bug 43839 should have fixed this. Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]

priority of session cookie and url rewriting

2008-01-20 Thread Daniele.Ulrich
We have two web applications: one (A) is using session cookies the other (B) is using url rewriting. The first access to the B is always done via A (request by HttpClient). For an upload form the architects (unfortunately?) switched from this approach to a direct call to B. In this case we have a

DO NOT REPLY [Bug 33806] - Session tracking using URL rewriting fails, if client URL-encodes reserved characters ; and =

2006-08-29 Thread bugzilla
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bu

DO NOT REPLY [Bug 33806] - Session tracking using URL rewriting fails, if client URL-encodes reserved characters ; and =

2006-04-19 Thread bugzilla
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bu

DO NOT REPLY [Bug 33806] - Session tracking using URL rewriting fails, if client URL-encodes reserved characters ; and =

2005-12-16 Thread bugzilla
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bu