good morning all!
i recently started using SSL for a portion of one of my sites, but for some
reason when i click an https link the called JSP gets a new session ID and i
loose the old one, however when i drop back to http the old session suddenly
reappears. my guess is that sessions are mapped on a per-protocol or
per-server-port basis. is there any way to maintain my sessionID between
http and https? i thought cookies were maintained on a per-server basis on
the client (when i look at cookies.txt i don't see any protocols or port
numbers in there...). ah, maybe it's related to Cookie.setSecure()?
perhaps Tomcat is using a non-secure cookie to maintain session ID and so it
can't be sent over a secure channel? (though i would think that sending a
non-secure cookie over a secure channel wouldn't be a problem, just the
other way around...). any ideas folks?
environment is RH Linux 6.0, Apache 1.3.11, Tomcat 3.0, mod_ssl 2.5.0.
thanks! :)
..................ron.
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
