Hi Bill, Thanks for clarifying.
BTW, do you know if this policy is in the browser, or if Tomcat uses the Referer header to implement it on the server?

Thanks
Martin

-----Original Message-----
From: news [mailto:[EMAIL PROTECTED] On Behalf Of Bill Barker
Sent: 09 April 2004 06:22
To: [EMAIL PROTECTED]
Subject: Re: Session behaviour across http/https boundary

"Martin Alley" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> Hi,
>
> I have a small web app that appears to illustrate the following
> behaviour.
> Session started in http is carried over to https, but session started in
> https is *not* carried over to http!
>
> Why?

This is for security reasons (so that it isn't possible to steal sensitive information that was entered in via SSL).
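
Added example, not part of the original thread: a small model of one mechanism that produces the asymmetry described above. It assumes the server marks the session cookie `Secure` when the session is created over https and that the browser enforces that attribute as RFC 6265 specifies; the host `example.test`, the `/app` path and the session IDs are constructed.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit
import itertools

_ids = itertools.count(1)  # constructed session-id generator

def server_set_cookie(url):
    """Assumed server behaviour: session cookie is Secure only if created over https."""
    header = f"JSESSIONID=S{next(_ids)}; Path=/app"
    return header + "; Secure" if urlsplit(url).scheme == "https" else header

def path_match(request_path, cookie_path):
    """RFC 6265 path-match, reduced to the cases used here."""
    prefix = cookie_path if cookie_path.endswith("/") else cookie_path + "/"
    return request_path == cookie_path or request_path.startswith(prefix)

class Browser:
    """Single-host cookie store that honours the Secure attribute."""
    def __init__(self):
        self.jar = {}  # cookie name -> Morsel

    def receive(self, set_cookie):
        parsed = SimpleCookie()
        parsed.load(set_cookie)
        self.jar.update(parsed)

    def cookie_header(self, url):
        parts = urlsplit(url)
        sent = []
        for name, morsel in self.jar.items():
            if morsel["secure"] and parts.scheme != "https":
                continue  # Secure cookies never travel over plain http
            if not path_match(parts.path, morsel["path"] or "/"):
                continue
            sent.append(f"{name}={morsel.value}")
        return "; ".join(sent)

def session_carried(first_url, second_url):
    """True if the session cookie issued at first_url is sent to second_url."""
    browser = Browser()
    browser.receive(server_set_cookie(first_url))
    return "JSESSIONID=" in browser.cookie_header(second_url)

if __name__ == "__main__":
    print(session_carried("http://example.test/app/login", "https://example.test/app/pay"))
    print(session_carried("https://example.test/app/pay", "http://example.test/app/home"))
```

Under these assumptions the server needs no Referer check: the client never sends the cookie over http, so the server sees a request without a session.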