I am transporting the webapp which was running on IIS+Tomcat3.x to TOmcat4.1.24. I
have used SSL session using HTTPS for login and some user specific jsp pages. I
maintains session using HttpSession. there are some non-SSL HTTP pages where i access
session variables. I am getting the session
Being able to access your session in non-ssl after coming out of an ssl
environment is a security issue. Tomcat4.x.x allows sessions to move from
http --- https, but not vice-versa. You may disagree with this
behavior. In that case, you'll have to search the archives for the
relevant
