Re: Http/2 Gzip for 9.0.4

2018-02-08 Thread Mark Thomas
On 08/02/18 20:15, Pierre Chiu wrote: > Is there anybody out there successfully running tomcat 9.0.4 or 8.5.27 with > https, http2 and gzip working? > If so, please share your config. Clean install of 9.0.x built from source (relevant code hasn't changed). Will be the same with 9.0.4 (as this is

Re: Http/2 Gzip for 9.0.4

2018-02-08 Thread Pierre Chiu
Is there anybody out there successfully running tomcat 9.0.4 or 8.5.27 with https, http2 and gzip working? If so, please share your config. Thanks in advance. > On Feb 7, 2018, at 6:35 PM, Newbium Team wrote: > > Hello, > > Tomcat: 9.0.4 > Debian server > Java 8 > > We have enabled Gzi

Re: [OT] How does tomcat handle session ids?

2018-02-08 Thread Christopher Schultz
Peter, On 2/8/18 11:30 AM, Peter Kreuser wrote: > Forgive the top-post! :/ iOS mail lets you type anywhere you want! > Going back to the root-cause of the question: > > In my opinion the security requirement stems from the idea, that a > logout

Re: [OT] How does tomcat handle session ids?

2018-02-08 Thread Peter Kreuser
Dear all, Forgive the top-post! Going back to the root-cause of the question: In my opinion the security requirement stems from the idea, that a logout must invalidate the session and thus make the data practically inaccessible - instead of just removing a typical loggedin flag and keeping the

Re: [OT] How does tomcat handle session ids?

2018-02-08 Thread Christopher Schultz
Mark, On 2/8/18 4:49 AM, Mark Thomas wrote: > On 07/02/18 23:49, Alex O'Ree wrote: >> I was recently perusing security implementation guides and ran >> across one that required that session IDs be "destroyed" after >> use and not reused. From my u

Re: Http/2 Gzip for 9.0.4

2018-02-08 Thread Christopher Schultz
To whom it may concern, On 2/7/18 6:35 PM, Newbium Team wrote: > Hello, > > Tomcat: 9.0.4 Debian server Java 8 > > We have enabled Gzip for http/2 Please post your configuration. > but we are not getting *Content Enabled: Gzip* in our HTML

Re: How does tomcat handle session ids?

2018-02-08 Thread Mark Thomas
On 07/02/18 23:49, Alex O'Ree wrote: > I was recently perusing security implementation guides and ran across one > that required that session IDs be "destroyed" after use and not reused. > From my understanding, it looks like the java/tomcat/servlet equivalent is > the jsessionid. I'm assuming thi