tomcat-users mailing list archives

From "Peter Balmforth" <>
Subject Session, SSL redirect, no Cookies
Date Fri, 21 Jun 2002 15:24:02 GMT
I'm trying to use SSL for a login form and then redirect from https: to http:
once I have passed my password. The rest of the site will be less secure
but will not suffer the overhead of SSL.

Everything seems to work fine when cookies are enabled but when I rely
only on URL rewriting my jsessionid is disregarded going to AND from https.

Servlet Spec 2.3 says this "can be problematic". However, I can't rely on cookies
and the environment is sufficiently secure to warrant this security level.

I'm using Tomcat 4.0.3.

Can this be configured to work?
If not, is there an adequate workaround?


Peter Balmforth
Institute for Transport Studies, 
The University of Leeds, Leeds, LS2 9JT.
Room 204
Ex. 31757
Tel. (0113) 3431757
