tomcat-users mailing list archives

From "Martin Alley" <martin.al...@ntlworld.com>
Subject RE: Session behaviour across http/https boundary
Date Fri, 09 Apr 2004 07:28:29 GMT

Hi Bill,

Thanks for clarifying.  

BTW, do you know if this policy is in the browser, or if Tomcat uses the
Referer header to implement it on the server?

Thanks
Martin

-----Original Message-----
From: news [mailto:news@sea.gmane.org] On Behalf Of Bill Barker
Sent: 09 April 2004 06:22
To: tomcat-user@jakarta.apache.org
Subject: Re: Session behaviour across http/https boundary


"Martin Alley" <martin.alley@ntlworld.com> wrote in message
news:001d01c41d62$3a04a540$3100a8c0@martinjfalley.com...
> Hi,
>
> I have a small web app that appears to illustrate the following
> behaviour.
> Session started in http is carried over to https, but session started
> in https is *not* carried over to http!
>
> Why?

This is for security reasons (so that it isn't possible to steal
sensitive information that was entered in via SSL).



