There are actually two sessions involved in SSL. The ssl session, and the
http session. The ssl session is probably returning true before the http
session has been instantiated.
I ran into this problem with session timeouts. Make sure to use
shared="true" in your secure-site.xml, or your ssl sessions will timeout at
a different time than your http sessions. (after about 60-90 sec)
-Lkb
At 12:40 PM 10/2/00 -0500, Walker, Eric wrote:
> When accessing a web site configured for SSL I have noticed that
>calling HttpServletRequest.getRequestedSessionId() for a client that has
>not yet joined a session returns a non null value. The same scenario for a
>non-SSL site always returns a null. Any ideas why there is a difference
>between SSL vs. non-SSL? Thanks Eric
/**
* @author: Lorin Kobashigawa-Bates <[EMAIL PROTECTED]>
* @title: CodeMonkey / COO - Robot6 Inc.
* @phone: 415.345.8872
* @addr: 1177 Polk St. San Francisco, CA 94109
*/
