Hello Bill > URL-rewriting sessions are not 'transferable' as per the Servlet 2.3 Spec. > > Cookie session in Tomcat 3.3.2 and higher follow the rules: > > a) If you create the session with a non-SSL request, then it will be > transfered back and forth between SSL and non-SSL (unless, of course, your > browser chooses to not send the cookie :). > > b) If you create the session with a SSL request, then it won't be available > for non-SSL requests.
Thanks for that information - it fits in with my experience. I've just done a search for 'SSL' on the 2.3 specifications, and I did not find anything that corresponds to these two rules (though I might have missed it). Am I to assume that these two rules are container-specific? Kind regards Harry --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
