I have set two connectors http and https. I have my webapp that is served by these two connectors.
I have discovered a strange behaviour with tomcat accessing through http and https.
If I open a browser to connect to http: - tomcat creates a session - my webapp receives the request and returns a page.
This is normal, but if I change (on the same window) the protocol and the port to use the https connector,
- tomcat does not create a new session, it use the old one created on the http access
- my webapp receives the request, but it already has objects on the session.
However, If I connect first to https and then I change to http, I will have two sessions, one for https and the other one to http.
Should not it generate a new session when a change on the protocol is done ??
I have tested this on tomcat 4.1.29, 5.0.25 with java 1.3.1 and 1.4.2 on linux (mandrake 10 and red hat enterprise)
Browsers tested IExplorer and Mozilla 1.6
To verify this, I have created a JSP that shows all the data related with sessions
<%
if (request!=null) {
out.println("<br>request.getRequestedSessionId() = "+request.getRequestedSessionId());
out.println("<br>request.isRequestedSessionIdFromCookie = "+request.isRequestedSessionIdFromCookie());
HttpSession misession=request.getSession(false);
if (misession!=null) {
out.println("<br>la sesion se recupera del request ");
out.println("<br>request.getSession(false).getId() = "+misession.getId());
out.println("<br>request.getSession(false).isNew() = "+misession.isNew());
}
out.println("<br>request.isRequestedSessionIdFromURL() = "+request.isRequestedSessionIdFromURL());
out.println("<br>request.isRequestedSessionIdValid() = "+request.isRequestedSessionIdValid());
}
if (session!=null) {
out.println("<br>session.getId() = "+session.getId());
out.println("<br>session.isNew() = "+session.isNew());
}
%>
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
