tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Gr√ľneberg <>
Subject Sessionmanagement with SSL and DISABLED cookies?
Date Tue, 16 Jan 2001 15:01:50 GMT
Tomcat 3.2.1 standalone with SSL on JDK1.3 Win2K
I use the builtin sessionmanagment (session=request.getSession(true);) in a
small shopapp.
Because cookies are disabled in many browsers, I prefere
sessionmangment with urlrewriting. (server.xml --> noCookies)
On normal http requests the sessionmanagment make a good job but changing to
safe https SSL connection for sensitive data the session is lost and a new
session is
created. Every time I reload this (https) page a new session is returned!??

Is this a problem of the https protokoll is urlrewriting under https
Is there a workaround to use the sessions without turning on cookies under

Is there for example a way to manualy pass the sessionID and get the user
session like this:
session.getSession("sessionID"); ????

need your help,

View raw message