Session variable returns null in non-SSL page

[manjunath <ha...@yahoo.com>]

I am transporting the webapp which was running on IIS+Tomcat3.x to TOmcat4.1.24. I have used SSL session using HTTPS for login and some user specific jsp pages. I maintains session using HttpSession. there are some non-SSL HTTP pages where i access session variables. I am getting the session variable which i set in login page after successful login as null. THis is happening in Tomcat4.1.24 version. I t was working fine with Tomcat3.2 version. 

can anybody suggest me some solution. 

thanks in advance 

-manjunath


---------------------------------
Do you Yahoo!?
Free online calendar with sync to Outlook(TM).

Re: Session variable returns null in non-SSL page

[Jacob Kjome <ho...@visi.com>]

Being able to access your session in non-ssl after coming out of an ssl 
environment is a security issue.  Tomcat4.x.x allows sessions to move from 
http ---> https, but not vice-versa.  You may disagree with this 
behavior.  In that case, you'll have to search the archives for the 
relevant conversations.  There have been many.  The solution is to stay in 
https after you enter it until such time as you no longer require session 
variables, then move back to http.

Jake


At 05:05 AM 6/11/2003 -0700, you wrote:

>I am transporting the webapp which was running on IIS+Tomcat3.x to 
>TOmcat4.1.24. I have used SSL session using HTTPS for login and some user 
>specific jsp pages. I maintains session using HttpSession. there are some 
>non-SSL HTTP pages where i access session variables. I am getting the 
>session variable which i set in login page after successful login as null. 
>THis is happening in Tomcat4.1.24 version. I t was working fine with 
>Tomcat3.2 version.
>
>can anybody suggest me some solution.
>
>thanks in advance
>
>-manjunath
>
>
>---------------------------------
>Do you Yahoo!?
>Free online calendar with sync to Outlook(TM).