We enable URL rewriting by response.encodeUrl(url), and it works fine for https URL's. But there is no longer any session tracking when we shift to https. I guess this because the Java URL class treats a https URL as "malformed URL".
On the other hand, I've heard that wise people use the SSL session instead of the simple jessionid for SSL connections. But how to enable this? Do we have to write it ourself? We use Tomcat 3.3, Apache 1.3.22, mod_ssl 2.8.5 on Solaris 5.7, JDK 1.2.2. Gerd Kersten -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>