tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Milt Epstein <>
Subject Re: Why does encodeURL not include Session ID when switching between HTTP and HTTPS
Date Sun, 01 Dec 2002 23:27:41 GMT
On Sun, 1 Dec 2002, Raiden wrote:

> Hello,
> I have searched the archives, and while I have seen several people ask
> this question, there doesn't seem to be an agreed upon answer/solution.
> I am using Tomcat 4.1.12.  When cookies are on, I can switch bettween http
> and https just fine, while maintaining my session.  (I am using the Ajp13
> connector with Apache, and so Apache does all my SSL management.)
[ ... ]

Are you sure about this?  Because from all past discussion of this
that I can recall, it shouldn't work with cookies -- that is, you
should not be able to switch from http to https (or vice-versa) and
maintain sessions -- whether you're using cookies or not.

There are some posts in the archives that are pretty clear about this
-- see the ones from Craig McClanahan, for example.

Milt Epstein
Research Programmer
Integration and Software Engineering (ISE)
Campus Information Technologies and Educational Services (CITES)
University of Illinois at Urbana-Champaign (UIUC)

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message