PROTECTED]
Subject: Re: Session behaviour across http/https boundary
Martin Alley [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Hi,
I have a small web app that appears to illustrate the following
behaviour.
Session started in http is carried over to https, but session started
in
https
On Apr 9, 2004, at 3:28 AM, Martin Alley wrote:
BTW Do you know if this policy in the browser, or if tomcat uses the
refer header to implement it on the server?
This is probably a side effect of the way cookies work. A cookie can
have a 'secure' flag set, which means it won't get sent over a
This is implemented within tomcat.
Mark
-Original Message-
From: Martin Alley [mailto:[EMAIL PROTECTED]
Sent: Friday, April 09, 2004 8:28 AM
To: 'Tomcat Users List'
Subject: RE: Session behaviour across http/https boundary
Hi Bill,
Thanks for clarifying.
BTW Do you know
Martin Alley [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Hi,
I have a small web app that appears to illustrate the following
behaviour.
Session started in http is carried over to https, but session started in
https is *not* carried over to http!
Why?
This is for security