You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Pulkit Singhal <pu...@gmail.com> on 2006/08/27 17:18:19 UTC

Re: session drop from https to http

Hmm...kind of makes sense doesn't it? I mean there are a lot of apps that
use the sessionID as a key of sorts for access or cookie management so its
ok to go from a http to https connections with the same session ID because
extra security is involved but not ok to go from https to http connection
with the same sessionID cause tis insecure.
I'm sure someone on the list can tell you how to actually make it happen the
way you want but this is just my 2 cts.

On 8/27/06, Amir S <am...@lastversion.com> wrote:
>
> Hi All,
>
> I have a Jakarta 5.0.28.
> When entering the tomcat first https://127.0.0.1/a.jsp and then
> http://127.0.0.1/b.jsp
> The sessionID changes?!
> In the revise (http://127.0.0.1/b.jsp and then https://127.0.0.1/a.jsp)
> order it does not, why is that?!
> How can I fix it?
> Please note that the different is in the HTTPS and HTTP order.
>
> Regards,
> Amir S
>
>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>