You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Mufaddal Khumri <mu...@wmotion.com> on 2003/05/01 12:14:32 UTC

Does switching from HTTPS to HTTP in this manner cause session attributes to be lost ?


What I am doing is
1.  authenticating the user and store the User object in the session 
(This is done by a LoginServlet running under tomcat)
2.  Next the LoginServlet takes the user to Home.jsp using :
response.sendRedirect(response.encodeRedirectURL("http://" + 
request.getServerName() + ":8080/myapp/Home.jsp"));
3. In Home.jsp at the top of the page i check for the User object. If 
its not present in the session i take the user back to the Login.jsp:
response.sendRedirect(response.encodeRedirectURL("https://" + 
request.getServerName() + ":8443/myapp/Login.jsp"));

Before I had everything working fine under just HTTPS. Now when I take 
the user to Home.jsp ... i am using http instead of https.

Does switching from HTTPS to HTTP in this manner cause session 
attributes to be lost ? Is there a work around to this ?