HTTP/HTTPS sessions

["Jain, Vikrant" <Vi...@Safenet-inc.com>]

Hi,

 

In my application HttpSession is getting created on a SSL Login page,
subsequently it redirects to HTTP page, but the HTTPS session is lost.

 

How do I maintain the same HttpSession across the HTTP and HTTPS Urls?  

I need to use HTTPS for several Urls, so the problem is not restricted
to Login page.

 

Thanks!

Vikrant


The information contained in this electronic mail transmission 
may be privileged and confidential, and therefore, protected 
from disclosure. If you have received this communication in 
error, please notify us immediately by replying to this 
message and deleting it from your computer without copying 
or disclosing it.

Re: HTTP/HTTPS sessions

[Christopher Schultz <ch...@christopherschultz.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Vikrant,

On 5/27/2009 12:48 AM, Jain, Vikrant wrote:
> In my application HttpSession is getting created on a SSL Login page,
> subsequently it redirects to HTTP page, but the HTTPS session is lost.
> 
> How do I maintain the same HttpSession across the HTTP and HTTPS Urls?  

This question has been answered on this list before several times,
occasionally by me. Check the archives for secure cookies, https, etc.
and see what's already been said. What's important to understand is that
there's no magic "make it work" setting in Tomcat: you have to code
around the problem yourself.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkoe5n0ACgkQ9CaO5/Lv0PB1zACcDVKZzfUqUjmbfVkfPlnXkY4C
6/8AoK+ohxBO/lQUKliI/HJQCp5fba3i
=BRT4
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org