tomcat-users mailing list archives

From Andrew Mottaz
Subject https --> http session problem
Date Sat, 15 Nov 2003 06:52:50 GMT

I've run into the problem where a session cookie gets lost when you 
start on http and move to https.  The reason seems to be that 
'secure=true' is set on the session cookie when you start on https, 
preventing the cookie from being passed to the http page.

I found the following in the archives:

You can maintain your session going http->https.  You can't maintain 
session https->http (unless you previously did a http->https).

Is there any way to change the configuration to always use non-secure 
session cookies?

If there is not, is there a standard workaround?  I hate the hack of 
redirecting to make sure that first access is not secure.

Thanks much,
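
The cookie behaviour discussed in this message, as an added example that is not part of the original post and is not Tomcat code: Python's standard `http.cookiejar` plays the client, and the hypothetical helper `container_set_cookie` models a container that marks the session cookie `Secure` only when the session is created over https. The host name and session ID are constructed values.

```python
import email.message
import http.cookiejar
import urllib.request

HOST = "shop.example"          # constructed host name
SESSION = "JSESSIONID=0123ABCD"  # constructed session ID


class FakeResponse:
    """Minimal response object carrying one constructed Set-Cookie header."""

    def __init__(self, set_cookie):
        self._msg = email.message.Message()
        self._msg["Set-Cookie"] = set_cookie

    def info(self):
        return self._msg


def container_set_cookie(scheme):
    """Assumed model: the Secure attribute is added only for https sessions."""
    cookie = SESSION + "; Path=/"
    return cookie + "; Secure" if scheme == "https" else cookie


def cookie_sent(jar, scheme):
    """Return the Cookie header the client would attach for this scheme."""
    req = urllib.request.Request(f"{scheme}://{HOST}/cart")
    jar.add_cookie_header(req)
    return req.get_header("Cookie")


def walk(first_scheme, later_schemes=("https", "http")):
    """Create the session over first_scheme, then visit each later scheme."""
    jar = http.cookiejar.CookieJar()
    first = urllib.request.Request(f"{first_scheme}://{HOST}/")
    jar.extract_cookies(FakeResponse(container_set_cookie(first_scheme)), first)
    return {scheme: cookie_sent(jar, scheme) for scheme in later_schemes}


if __name__ == "__main__":
    for start in ("http", "https"):
        print(f"session created over {start}: {walk(start)}")
```

A session created over http is presented on both schemes; one created over https is withheld from http requests, which is the lost session the message describes.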

