when a session is established in HTTPS, the session will not work for HTTP, it is a security thing.
If the session is established in HTTP, it will work for both HTTPS and HTTP I believe Filip > -----Original Message----- > From: Dan Lipofsky [mailto:[EMAIL PROTECTED] > Sent: Monday, July 28, 2003 4:54 PM > To: Tomcat Users List > Subject: Re: HTTPS session strangeness with Tomcat 4.0.6 > > > No. I just tried with Netscape 7.1, IE 5.5, and IE 6.0. > Same results for all. It's definitely a Tomcat thing. > - Dan > > > Dan, > > > > Does it matter which browser you use? I am experiencing (so far without > > resolution) problems invalidating and re-establishing sessions and > > refreshing pages based on session status when I use IE but have the same > > pages operate perfectly under NetScape. > > > > Murray > > -----Original Message----- > > From: Dan Lipofsky [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, 29 July 2003 06:54 > > To: [EMAIL PROTECTED] > > Subject: HTTPS session strangeness with Tomcat 4.0.6 > > > > > > I have a login JSP that does a session.setAttribute and all > > subsequent pages do a session.getAttribute to ensure the > > user is logged in. The login page uses HTTPS and then > > redirects to HTTP for subsequent pages. This worked in > > Tomcat 3.2.4 but fails in Tomcat 4.0.6, 4.1.24, and 5 alpha. > > BUT THE WAY IT FAILS IS PARTICULARLY BIZARRE - it will fail > > the first time but work the second time. This is very > > consistent. Below are 2 extremely simple JSPs that demo the > > problem. The first only sets the attribute and provides a > > link to the second. The second displays the attribute. The > > first time through it will say "TEST=null". If you then hit > > the back button and refresh the first page and click next > > again it will say "TEST=TEST_VAL" like it should > > > > > > *** First JSP: https://www3.nuserve.com:8011/testS1.jsp *** > > > > <% > > System.out.println("Setting TEST_KEY=TEST_VAL"); > > session.setAttribute("TEST_KEY","TEST_VAL"); > > %> > > <a href="http://www3.nuserve.com:8010/testS2.jsp";>next</a> > > > > > > *** Second JSP: http://www3.nuserve.com:8010/testS2.jsp *** > > > > TEST=<%=session.getAttribute("TEST_KEY")%> > > > > > > Does anyone have an idea what causes this or how to fix it? > > Thanks, > > Dan > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
