I have a web application served by Tomcat (currently 3.2.2b3). I've
configured Tomcat to offer both a secured connector at HTTPS://host:8086/
and an unsecured version available at HTTP://host:8085/. My question is,
should I expect my servlets to see the same "session attributes" when a
client uses either of the two scheme&port pairs?
My experience is that it depends on the browser. For IE 5.0 on Win2K, the
session attributes are common across the two prefixes; for Netscape 4.75
on the same client machine, the session attributes associated with one
prefix are independent of the session attributes associated with the
other.
Which is correct, and what are my options for getting consistent behavior?
Thanks,
Mike
