tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mufaddal Khumri <mufad...@wmotion.com>
Subject Does switching from HTTPS to HTTP in this manner cause session attributes to be lost ?
Date Thu, 01 May 2003 10:14:32 GMT


What I am doing is
1.  authenticating the user and store the User object in the session 
(This is done by a LoginServlet running under tomcat)
2.  Next the LoginServlet takes the user to Home.jsp using :
response.sendRedirect(response.encodeRedirectURL("http://" + 
request.getServerName() + ":8080/myapp/Home.jsp"));
3. In Home.jsp at the top of the page i check for the User object. If 
its not present in the session i take the user back to the Login.jsp:
response.sendRedirect(response.encodeRedirectURL("https://" + 
request.getServerName() + ":8443/myapp/Login.jsp"));

Before I had everything working fine under just HTTPS. Now when I take 
the user to Home.jsp ... i am using http instead of https.

Does switching from HTTPS to HTTP in this manner cause session 
attributes to be lost ? Is there a work around to this ?
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message