I can confirm that Larry is correct. TC4 (and TC5) behaviour is that any session created under an HTTPS connection will not normally be available via HTTP. There is a workaround that enables this behaviour. The bug report below gives more details.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24739 Hope this helps, Mark On Tuesday, November 25, 2003 11:35 PM, Larry Isaacs [SMTP:[EMAIL PROTECTED] wrote: > I'm afraid I'm still ignorant in certain areas of Tomcat 4 > configuration. I don't know what Tomcat 4 might have that > is equivalent to this feature. I believe Tomcat 4 won't allow > you to keep your session when going from HTTP to HTTPS and I > assume it wouldn't expose the session if trying to do the > reverse. I don't know if there are configuration options > that affect this behavior. > > Cheers, > Larry > > > -----Original Message----- > > From: Eduardo Campoy [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, November 25, 2003 4:22 PM > > To: [EMAIL PROTECTED]; Larry Isaacs > > Cc: Edison Rodrigues; Fernando Freitas; Gilson Melo > > Subject: Re: Tomcat 3.3.2 release question - was RE: [5.0.15] > > Testbuild available > > > > > > Hello Larry, > > > > Thanks for your reply > > > > What i need is the new function that Tomcat 3.3.2 has that is > > "secureCookie". > > This attribute guarantees that the user will only send the > > session cookie in a secure connection using SSL. > > Since my application runs on Tomcat 4, do you know if Tomcat > > 4 has this feature ? > > > > Gilson, thanks for the contact. > > > > > > > > > > > > Eduardo Campoy > > Technology Account Manager > > Novell, THE leading provider of net business solutions > > Tel - 55 11 3345-3938 > > Cel - 55 11 9232-7456 > > AIM - ecampoy sao > > MSN - [EMAIL PROTECTED] > > > > > > >>> [EMAIL PROTECTED] 25/11/2003 15:46:31 >>> > > Unfortunately Tomcat 3.3.2 suffers from a release manager who can't > > seem to get out of an overworked state in his day job. I still > > intend to do a 3.3.2 release when I can find the time, but it is > > hard to predict when that will be given that my day job necessarily > > takes priority. > > > > Cheers, > > Larry > > > > P.S. Other than some changes needed due to new behavior in > > org.apache.tomcat.util.http.Parameter, there would not be > > any significant code differences between a "released" version and > > what is in CVS. I'll try to make those changes fairly soon, > > maybe over Thanksgiving. > > > > -----Original Message----- > > From: Gilson Melo [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, November 25, 2003 11:48 AM > > To: [EMAIL PROTECTED] > > Subject: Re: [5.0.15] Test build available > > > > > > Do you know when the 3.3.2 version will be available? > > tnx for any help... > > > > cya, > > > > GilsoN Melo > > Technical Support Engineer > > Support: 55 11 5505-4066 > > Fax: 55 11 5505-4041 > > AIM: gilsonsmelo > > Novell, Inc., the leading provider of information solutions. > > > > >>> [EMAIL PROTECTED] 11/25 2:30 PM >>> > > 5.0.15 is available for testing. Please be extra careful > > about regressions. > > If there are significant regressions, those will need to be > > fixed ASAP, > > and I'll release a new build shortly after that. > > > http://www.apache.org/dist/jakarta/tomcat-5/v5.0.15-alpha/ > > Remy > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]