I am using Tomcat 5.0.28
Users log into my application from https://xxx.com/login.jsp. When submitted, I check for a valid userID/Password, create a session with getSession(), and then save the userID/Password in a session variable. The validated user is then returned to my main tools page. If the user then selects a link to a non secure page, http://..., I get a return of null when performing getSession( false) when trying to check that the user is valid.
I am using Tomcat 5.0.16. An https session will have a different JSESSIONID than a http session, so Tomcat will think going from one to another is stating a new session. The JESSIONID is stored as a secure cookie when you start from https; get this cookie and re-add it to the response as a non-secure cookie
(setSecure(false)), and then redirect to the http page.
-- Lynn Hollerman.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
