On 24/10/2011 16:30, chad.da...@emc.com wrote: > The specification ( servlet 2.4 ) says that the servlet session may > be implemented via session cookie or, in the case of https, via the > ssl mechanism. My server is only accessible via https. Does tomcat > use the ssl mechanism in this case?
No. SSL based session tracking is only available from Tomcat 7 onwards. > I do see the JSESSINID cookie, > so as far as I can tell, it uses the cookie method. I assume that cookie name is a typo and you meant JSESSIONID. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
