In the Final Release of the Servlet 2.2 Spec, it states that SSL has some
unique-ID capability within it, so no additional "outside" support (like
cookies) are required; I'm guessing that under HTTP, the engine's using a
cookie to ID the session, but under SSL, it's using that uniqueness field to
do so--hence, it thinks you have two separate sessions.
As to how to get them to recognize one another, THAT, I can't help you with.
:(
(We're using SSL at Edfund, and this has come up once or twice before, until
we decided/realized the entire app would be under SSL from the very first
page and stopped worrying about it.)
Ted Neward
Java Instructor, DevelopMentor ( http://www.develop.com )
http://www.javageeks.com/~tneward
-----Original Message-----
From: Ron Reynolds <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Friday, February 04, 2000 12:04 PM
Subject: sessions between http and https
>good morning all!
>i recently started using SSL for a portion of one of my sites, but for some
>reason when i click an https link the called JSP gets a new session ID and
i
>loose the old one, however when i drop back to http the old session
suddenly
>reappears. my guess is that sessions are mapped on a per-protocol or
>per-server-port basis. is there any way to maintain my sessionID between
>http and https? i thought cookies were maintained on a per-server basis on
>the client (when i look at cookies.txt i don't see any protocols or port
>numbers in there...). ah, maybe it's related to Cookie.setSecure()?
>perhaps Tomcat is using a non-secure cookie to maintain session ID and so
it
>can't be sent over a secure channel? (though i would think that sending a
>non-secure cookie over a secure channel wouldn't be a problem, just the
>other way around...). any ideas folks?
>environment is RH Linux 6.0, Apache 1.3.11, Tomcat 3.0, mod_ssl 2.5.0.
>thanks! :)
>..................ron.
>
>___________________________________________________________________________
>To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
>of the message "signoff SERVLET-INTEREST".
>
>Archives: http://archives.java.sun.com/archives/servlet-interest.html
>Resources: http://java.sun.com/products/servlet/external-resources.html
>LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
