tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Wong <>
Subject Preserving session state from https to http on tomcat
Date Thu, 03 May 2001 00:30:30 GMT

I am using form login and I'd like to send my username/password via https to
the server. That can be easily accomplished by setting up the https
connection on port 8443 on tomcat. The problem is after logging in, I'd like
to switch back to http with the user "login state" preserved from the https
session. But alas, switching from https to http wipes out session info on
Netscape (4.7). When my post login jsp pages reference the previously set
session login object via http, null is returned. However, if I stay in
https, everything is fine.

I know bea weblogic has a solution where the server can be set to inhibit
the server port number from being included in the cookie sent back to
Netscape. This way only the domain name is sent. But I can't find that a
similar setting in Tomcat.

Any advice on this would be greatly appreciated.


Ben Wong

View raw message