You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Ch...@emc.com on 2011/10/24 17:30:55 UTC

servlet session method with https

The specification ( servlet 2.4 ) says that the servlet session may be implemented via session cookie or, in the case of https, via the ssl mechanism.  My server is only accessible via https.  Does tomcat use the ssl mechanism in this case?  I do see the JSESSINID cookie, so as far as I can tell, it uses the cookie method.

Re: servlet session method with https

Posted by Mark Thomas <ma...@apache.org>.

On 24/10/2011 16:30, Chad.Davis@emc.com wrote:
> The specification ( servlet 2.4 ) says that the servlet session may
> be implemented via session cookie or, in the case of https, via the
> ssl mechanism.  My server is only accessible via https.  Does tomcat
> use the ssl mechanism in this case?

No. SSL based session tracking is only available from Tomcat 7 onwards.

> I do see the JSESSINID cookie,
> so as far as I can tell, it uses the cookie method.

I assume that cookie name is a typo and you meant JSESSIONID.

Mark



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org