tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Martin Alley" <>
Subject RE: Session behaviour across http/https boundary
Date Fri, 09 Apr 2004 07:28:29 GMT
Hi Bill,

Thanks for clarifying.  

BTW Do you know if this policy in the browser, or if tomcat uses the
refer header to implement it on the server?


-----Original Message-----
From: news [] On Behalf Of Bill Barker
Sent: 09 April 2004 06:22
Subject: Re: Session behaviour across http/https boundary

"Martin Alley" <> wrote in message
> Hi,
> I have a small web app that appears to illustrate the following
> behaviour.
> Session started in http is carried over to https, but session started
> https is *not* carried over to http!
> Why?

This is for security reasons (so that it isn't possible to steal
information that was entered in via SSL).

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message