tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Raiden <rai...@wonko.inow.com>
Subject Why does encodeURL not include Session ID when switching between HTTP and HTTPS
Date Sun, 01 Dec 2002 22:08:14 GMT
Hello,

I have searched the archives, and while I have seen several people ask
this question, there doesn't seem to be an agreed upon answer/solution.

I am using Tomcat 4.1.12.  When cookies are on, I can switch bettween http
and https just fine, while maintaining my session.  (I am using the Ajp13
connector with Apache, and so Apache does all my SSL management.)

However, when cookies are off... URL rewriting ONLY seems to work when I
stay on the same protocol.  (Start on an HTTP page, all HTTP links are
properly encoded with the session id.  Start on an HTTPS page, all HTTPS
links are properly encoded with the session id.  However, start in either
protocol, and the links for the other protocol are NOT properly encoded.)

As soon as I try and encode a link that would switch the protocol from
HTTP to HTTPS or HTTPS to HTTP, those links do not include the session
id.

I have every link surrounded by response.encodeURL().

Does anyone know why the encodeURL method does not seem to be including
the session id when I attempt to include a link that is in a different
protocol?

I'm assuming it's because the encodeURL method does not think
http://www.myserver.com and https://www.myserver.com are able to maintain
the same session... but I can't understand why... especially since Tomcat
and Netscape and IE have aggreed to send the session cookie on both
protocols, when using cookies to maintain sessions.

Thanks,
Raiden



--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message