It was my understanding that the fix for IE was just the securePagesWithPragma
change, which changes cache-control:no-cache to cache-control:private by
default.
According to the bug report, this should fix IE downloads even for secure
requests.
The problem is, this entire block is now ignored
On 08/16/2011 03:57 PM, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Michael,
On 8/16/2011 4:42 PM, Zampani, Michael wrote:
I don't understand why it was ever present, though. Does anybody
know why you wouldn't want these headers on secure requests?
The svn comme
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Michael,
On 8/16/2011 4:42 PM, Zampani, Michael wrote:
> I don't understand why it was ever present, though. Does anybody
> know why you wouldn't want these headers on secure requests?
The svn comment says "...to reduce the likelihood of issues whe
Hi,
CLN 1126273
http://svn.apache.org/viewvc?view=revision&revision=1126273
Seems to have disabled the automatic addition of the cache-control and pragma
response headers on secure constrained pages.
The initial revision of this file(at least the oldest copy I could find) had
this check
http://
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Karl,
On 8/16/2011 7:00 AM, Lataxes, Karl wrote:
> As mentioned in an earlier post, our clients are not web browsers
> and do not support cookies. Session management is handled via an
> internally generated session id, and I am attempting to adapt a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chema,
On 8/16/2011 4:33 AM, Chema wrote:
>> How do you accomplish that? By doing this SSO
>> sniff-and-kill-session thing? It seems more straightforward to
>> expire a particular webapp's session explicitly and let the SSO
>> expire along with it. Do
Hi - I'm trying to migrate my IBI Web Focus application to new servers with an
upgraded OS and the web focus application is not receiving the sitminder HTTP
Header request through the ISAPI filter through to Tomcat.
Our server is setup with the following:
* Windows 2003
* IIS 6
From: Mark Thomas
To: Tomcat Users List
Sent: Tuesday, August 16, 2011 12:03 PM
Subject: Re: CVE-2011-2729
On 16/08/2011 17:01, Mladen Turk wrote:
> On 08/16/2011 05:59 PM, Mark Thomas wrote:
>> On 16/08/2011 16:56, Randal Bankman wrote:
>>> Greetings,
>
On 16/08/2011 17:01, Mladen Turk wrote:
> On 08/16/2011 05:59 PM, Mark Thomas wrote:
>> On 16/08/2011 16:56, Randal Bankman wrote:
>>> Greetings,
>>> A recent update to Tomcat (7.0.20) notes the vulnerability affects
>>> Linux. I wanted to ask if that is Linux and only Linux or does it
>>> inc
On 08/16/2011 05:59 PM, Mark Thomas wrote:
On 16/08/2011 16:56, Randal Bankman wrote:
Greetings,
A recent update to Tomcat (7.0.20) notes the vulnerability affects Linux. I
wanted to ask if that is Linux and only Linux or does it include other
Unix-like system(or even Unix proper)?
It app
On 16/08/2011 16:56, Randal Bankman wrote:
> Greetings,
> >
> A recent update to Tomcat (7.0.20) notes the vulnerability affects Linux. I
> wanted to ask if that is Linux and only Linux or does it include other
> Unix-like system(or even Unix proper)?
It applies to any OS that uses jsvc, which
Greetings,
A recent update to Tomcat (7.0.20) notes the vulnerability affects Linux. I
wanted to ask if that is Linux and only Linux or does it include other
Unix-like system(or even Unix proper)?
Thanks!
Randal
Chris,
As mentioned in an earlier post, our clients are not web browsers and do not
support cookies. Session management is handled via an internally generated
session id, and I am attempting to adapt an existing infrastructure to load
balancing with session stickiness. The recommendations I r
> How do you accomplish that? By doing this SSO sniff-and-kill-session
> thing? It seems more straightforward to expire a particular webapp's
> session explicitly and let the SSO expire along with it.
> Doesn't that mean you'll have to re-run the same query just to expire
> the sessions in the othe
Hi Andre
Sorry for this, I had pasted the entire xml file.. I am hereby providing the
server.xml with removing the commented parts.
Regards
Rakesh
On Tue, Aug 16, 2011 at 12:14 PM, André Warnier wr
15 matches
Mail list logo
