I'm trying to use SSL for a login form and then redirect from https: to http: once I have passed my password. The rest of the site will be less secure but will not suffer the overhead of SSL.
Everything seems to work fine when cookies are enabled but when I rely only on URL rewriting my jsessionid is disregarded going to AND from https. Servlet Spec 2.3 says this "can be problematic". However, I can't rely on cookies and the environment is sufficiently secure to warrant this security level. I'm using Tomcat 4.0.3. Can this be configured to work? If not is there an adequate workaround? Thanks. ---------------- Peter Balmforth [EMAIL PROTECTED] Institute for Transport Studies, The University of Leeds, Leeds, LS2 9JT. Room 204 Ex. 31757 Tel. (0113) 3431757 -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>