tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Gr√ľneberg <martin.grueneb...@gmx.de>
Subject Is there nobody who could help me with my session problem?
Date Wed, 17 Jan 2001 00:42:32 GMT
Again my problem is:

Tomcat 3.2.1 standalone with SSL on JDK1.3 Win2K
I use the builtin ServletAPI - sessionmanagment
[session=request.getSession(true);]
in a small shopapp.
Because cookies are disabled in many browsers, I prefere
sessionmangment with urlrewriting. (server.xml --> noCookies)
On normal http requests the sessionmanagment make a good job.
But changing to a safe https SSL connection for sensitive data the session
is lost and a new session is created. Every time I reload this (https) page
a new session is returned!??
It seems to me that Tomcat can not rewrite the URL to safe the sessionID.

Is this a problem of the https protokoll is urlrewriting under https
impossible?
Is there a workaround to use the sessions without turning on cookies under
https?

Is there for example a way to manualy pass the sessionID and get the user
session like this:
session.getSession("sessionID"); ????

need your help,
Martin


Mime
View raw message