You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Ben Wong <ed...@pacbell.net> on 2001/05/03 02:30:30 UTC

Preserving session state from https to http on tomcat

Hi,

I am using form login and I'd like to send my username/password via https to
the server. That can be easily accomplished by setting up the https
connection on port 8443 on tomcat. The problem is after logging in, I'd like
to switch back to http with the user "login state" preserved from the https
session. But alas, switching from https to http wipes out session info on
Netscape (4.7). When my post login jsp pages reference the previously set
session login object via http, null is returned. However, if I stay in
https, everything is fine.

I know bea weblogic has a solution where the server can be set to inhibit
the server port number from being included in the cookie sent back to
Netscape. This way only the domain name is sent. But I can't find that a
similar setting in Tomcat.

Any advice on this would be greatly appreciated.

Thanks

Ben Wong