tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Mottaz <and...@site9.net>
Subject https --> http session problem
Date Sat, 15 Nov 2003 06:52:50 GMT
I've run into the problem where a session cookie gets lost when you 
start on http and move to https.  The reason seems to be that 
'secure=true' is set on the session cookie when you start on https, 
preventing the cookie from being passed to the http page.


I found the following in the archives:

You can maintain your session going http->https.  You can't maintain 
your
session https->http (unless you previously did a http->https).


  Is there any way to change the configuration to always use non-secure 
session cookies?

If there is not, is there a standard workaround?  I  hate the hack of 
redirecting to make sure that first access is not secure.

Thanks much,

Andrew

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message