Being able to access your session in non-ssl after coming out of an ssl environment is a security issue. Tomcat4.x.x allows sessions to move from http ---> https, but not vice-versa. You may disagree with this behavior. In that case, you'll have to search the archives for the relevant conversations. There have been many. The solution is to stay in https after you enter it until such time as you no longer require session variables, then move back to http.
Jake
At 05:05 AM 6/11/2003 -0700, you wrote:
I am transporting the webapp which was running on IIS+Tomcat3.x to TOmcat4.1.24. I have used SSL session using HTTPS for login and some user specific jsp pages. I maintains session using HttpSession. there are some non-SSL HTTP pages where i access session variables. I am getting the session variable which i set in login page after successful login as null. THis is happening in Tomcat4.1.24 version. I t was working fine with Tomcat3.2 version.
can anybody suggest me some solution.
thanks in advance
-manjunath
--------------------------------- Do you Yahoo!? Free online calendar with sync to Outlook(TM).
