"Andrew Mottaz" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> I've run into the problem where a session cookie gets lost when you
> start on http and move to https.  The reason seems to be that
> 'secure=true' is set on the session cookie when you start on https,
> preventing the cookie from being passed to the http page.
>
>
> I found the following in the archives:
>
> You can maintain your session going http->https.  You can't maintain
> your session https->http (unless you previously did a http->https).
>
>
> Is there any way to change the configuration to always use non-secure
> session cookies?

You can in 3.3.2 (since it is a +0.0.1 release change).  In all higher
versions of Tomcat, no.

>
> If there is not, is there a standard workaround?  I hate the hack of
> redirecting to make sure that first access is not secure.

Start hating ;-).

>
> Thanks much,
>
> Andrew
>
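
The cookie behaviour discussed in this thread, as an added example (not part of the original messages and not Tomcat code): Python's standard `http.cookiejar` plays the browser, and a small server model, assumed from the thread's description, flags a new `JSESSIONID` cookie Secure only when the request that creates the session is https. The host name and session ids are constructed.

```python
import email.message
import urllib.request
from http.cookiejar import CookieJar

HOST = "shop.example"  # constructed host name


class FakeResponse:
    """Minimal response object: CookieJar only calls .info() on it."""

    def __init__(self, set_cookie=None):
        self._headers = email.message.Message()
        if set_cookie:
            self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def visit(jar, scheme, state):
    """One request/response pair. Returns the session id the server saw."""
    req = urllib.request.Request(f"{scheme}://{HOST}/app/")
    jar.add_cookie_header(req)  # the client applies the Secure rule here
    sent = req.get_header("Cookie")
    seen = sent.split("=", 1)[1] if sent else None
    set_cookie = None
    if seen is None:
        # Server model (assumption taken from the thread): a new session
        # cookie is flagged Secure only when the creating request is https.
        state["n"] += 1
        set_cookie = f"JSESSIONID=S{state['n']}; Path=/"
        if scheme == "https":
            set_cookie += "; Secure"
    jar.extract_cookies(FakeResponse(set_cookie), req)
    return seen


def browse(schemes):
    """Walk a list of schemes with a fresh jar; return the ids the server saw."""
    jar, state = CookieJar(), {"n": 0}
    return [visit(jar, s, state) for s in schemes]


if __name__ == "__main__":
    print("http  -> https -> http:", browse(["http", "https", "http"]))
    print("https -> http         :", browse(["https", "http"]))
```

A session created over http survives the move to https and back, while one created over https is withheld from the http request, so the server sees no session there and starts a new one.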



