You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Mufaddal Khumri <mu...@wmotion.com> on 2003/05/01 12:14:32 UTC
Does switching from HTTPS to HTTP in this manner cause session attributes to be lost ?
What I am doing is
1. authenticating the user and store the User object in the session
(This is done by a LoginServlet running under tomcat)
2. Next the LoginServlet takes the user to Home.jsp using :
response.sendRedirect(response.encodeRedirectURL("http://" +
request.getServerName() + ":8080/myapp/Home.jsp"));
3. In Home.jsp at the top of the page i check for the User object. If
its not present in the session i take the user back to the Login.jsp:
response.sendRedirect(response.encodeRedirectURL("https://" +
request.getServerName() + ":8443/myapp/Login.jsp"));
Before I had everything working fine under just HTTPS. Now when I take
the user to Home.jsp ... i am using http instead of https.
Does switching from HTTPS to HTTP in this manner cause session
attributes to be lost ? Is there a work around to this ?