tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tim Waldner" <>
Subject Session lost on switch from HTTPS to HTTP via JavaScript location replace
Date Sat, 28 Aug 2004 19:53:15 GMT

I have a problem with Tomcat 5.0.26 where I need to use JavaScript to set 
the page location (document.location.href) in order to trigger a page 
reload. The session gets lost when the protocol changes from HTTP to HTTPS 
due to the secure setting in the session cookie.

I seems Tomcat will create the session cookie as secure when the request was 
secure. Unless there was a prior redirect this session cookie will then not 
be available to any unsecure request. In the event of a redirect to unsecure 
Tomcat undr the hood will take care to update the cookie to become insecure.

Is there any way to control this behavior in the configuration? I would like 
to configure all session cookies to be created as insecure.

Or, is there a ay to rewrite the session cookie in its entirety? It cannot 
be done just with the request, as browsers do not send all cookie attributes 

Any help greatly appreciated.


FREE pop-up blocking with the new MSN Toolbar  get it now!

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message