This makes sense if you think about it since the secure server and the
non-secure server are different web-apps.
I got around this problem by adding shared='true' to the web-app tag for
both web-apps. Now sessions and context information is the same and no more
problem.
Now -- I'm not sure
Oops, I missed it in my last post...
I got the same problem. What I did (and it worked, even as it seems
that it shouldn't) was to store a session reference in the application
context in the last non-secure page, and then retrieve it in the first
secure page. Every object that was store in the
