Hi ! I have the following problem:
Inside the direct link listener of my login page (scheme https) I validate the user input and create an visit ASO an success. So a session is created and stored via a cookie on the browser. When leaving the https scheme, the jsessionid is lost, because the cookie is marked as https-only. While I understand this behaviour (security reasons) I do not wan't to disable session-cookies in apache. I want to keep the url tidy :) So is there a way to tell Apache (forwaring to Tomcat via JKMount) to treat https sessionid as 'unsafe' and store them in an http-readable cookie ? I take care of the sessionid-hijacking for myself - so there is no need for Apache todo so. Thank you in advance ! Gerald --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
