tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tim Waldner" <twald...@hotmail.com>
Subject Session lost on switch from HTTPS to HTTP via JavaScript location replace
Date Sat, 28 Aug 2004 19:53:15 GMT
Hello,

I have a problem with Tomcat 5.0.26 where I need to use JavaScript to set 
the page location (document.location.href) in order to trigger a page 
reload. The session gets lost when the protocol changes from HTTP to HTTPS 
due to the secure setting in the session cookie.

I seems Tomcat will create the session cookie as secure when the request was 
secure. Unless there was a prior redirect this session cookie will then not 
be available to any unsecure request. In the event of a redirect to unsecure 
Tomcat undr the hood will take care to update the cookie to become insecure.

Is there any way to control this behavior in the configuration? I would like 
to configure all session cookies to be created as insecure.

Or, is there a ay to rewrite the session cookie in its entirety? It cannot 
be done just with the request, as browsers do not send all cookie attributes 
back.

Any help greatly appreciated.

Thanks,
Tim

_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar  get it now! 
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message