This should really be in the FAQ (if it isn't already). For security reasons, if you establish a session under https on TC 4.x and higher, the session is not accessible if you later fall back to http. TC 3.3.1 doesn't have this restriction, but the TC 3.3.2 release will (with an option to turn it off for backwards compatibility only).

"Scott Stewart" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> Is anyone aware of any known issues regarding the use of SingleSignOn within
> an aliased host?
>
> I currently have a single host defined in server.xml (say, "www.hostname.com")
> with one alias defined for that host (say, "secure.hostname.com"). I am using
> SSL & container-managed security (form based) to segregate account signup,
> account management and other secured portions of the site from the generally
> accessible areas. The problem I am having is that once I authenticate myself
> via https to secure.hostname.com, if I surf over to the unsecured site via an
> http call to www.hostname.com all knowledge of myself has disappeared
> (i.e. calls to getUserPrincipal() return null).
>
> Does this make sense?
>
> Any thoughts???
>
> Thanks in advance to any help that you may be able to provide,
>
> Scott
