As I understand it, the spec doesn't say much about the session bahaviour in this scenario.
So it's quite legal that different containers implement opposite behaviours for the switch between http and https. It would be nice to hear what one of the gurus has to say about this topic ? > -----Ursprungliche Nachricht----- > Von: Manuel Mall [mailto:[EMAIL PROTECTED]] > Gesendet: Donnerstag, 28. Marz 2002 06:53 > An: 'Tomcat Users List' > Betreff: RE: AW: sessions, security, and the RFCs <snip/> > Why does Tomcat 4 implement a different session behaviour > than Tomcat 3.3 if they are both based on essentially the > same specification? <snip/> -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
