You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by manjunath <ha...@yahoo.com> on 2003/06/11 14:05:28 UTC
Session variable returns null in non-SSL page
I am transporting the webapp which was running on IIS+Tomcat3.x to TOmcat4.1.24. I have used SSL session using HTTPS for login and some user specific jsp pages. I maintains session using HttpSession. there are some non-SSL HTTP pages where i access session variables. I am getting the session variable which i set in login page after successful login as null. THis is happening in Tomcat4.1.24 version. I t was working fine with Tomcat3.2 version.
can anybody suggest me some solution.
thanks in advance
-manjunath
---------------------------------
Do you Yahoo!?
Free online calendar with sync to Outlook(TM).
Re: Session variable returns null in non-SSL page
Posted by Jacob Kjome <ho...@visi.com>.
Being able to access your session in non-ssl after coming out of an ssl
environment is a security issue. Tomcat4.x.x allows sessions to move from
http ---> https, but not vice-versa. You may disagree with this
behavior. In that case, you'll have to search the archives for the
relevant conversations. There have been many. The solution is to stay in
https after you enter it until such time as you no longer require session
variables, then move back to http.
Jake
At 05:05 AM 6/11/2003 -0700, you wrote:
>I am transporting the webapp which was running on IIS+Tomcat3.x to
>TOmcat4.1.24. I have used SSL session using HTTPS for login and some user
>specific jsp pages. I maintains session using HttpSession. there are some
>non-SSL HTTP pages where i access session variables. I am getting the
>session variable which i set in login page after successful login as null.
>THis is happening in Tomcat4.1.24 version. I t was working fine with
>Tomcat3.2 version.
>
>can anybody suggest me some solution.
>
>thanks in advance
>
>-manjunath
>
>
>---------------------------------
>Do you Yahoo!?
>Free online calendar with sync to Outlook(TM).