Tomcat (starting with Tomcat 4) stores the JSESSIONID cookie as a
secure cookie that is tagged for port 443 (or 8443) when the session
begins under HTTPS. Browsers are not allowed to send secure cookies
under plain HTTP, so your session is lost. For Tomcat 4 or 5 you must
start your session
PROTECTED]; tomcat-user@jakarta.apache.org
Sent: Sunday, May 01, 2005 4:48 AM
Subject: Re: Session lost when switching from https to http in Tomcat 5.
Tomcat (starting with Tomcat 4) stores the JSESSIONID cookie as a secure
cookie that is tagged for port 443 (or 8443) when the session begins under
HTTPS
On 4/28/05, Anhony [EMAIL PROTECTED] wrote:
I have a servlet/JSP application in which users establish their servlet
session using https but conduct the rest of their interactions using http.
The session appears not to be preserved between https and http, ie. after
switching from back to http
@jakarta.apache.org
Sent: Thursday, April 28, 2005 10:26 AM
Subject: Re: Session lost when switching from https to http in Tomcat 5.
On 4/28/05, Anhony [EMAIL PROTECTED] wrote:
I have a servlet/JSP application in which users establish their servlet
session using https but conduct the rest
: Re: Session lost when switching from https to http in Tomcat 5.
On 4/28/05, Anhony [EMAIL PROTECTED] wrote:
I have a servlet/JSP application in which users establish their servlet
session using https but conduct the rest of their interactions using
http.
The session appears not to be preserved
Anhony [EMAIL PROTECTED] wrote:
I am using Tomcat 5.0.28
Users log into my application from https://xxx.com/login.jsp. When
submitted, I check for a valid userID/Password, create a session with
getSession(), and then save the userID/Password in a session variable.
The validated user is then