tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hassan Schroeder <>
Subject Re: tomcat 5 combined http and https, same session
Date Tue, 25 Oct 2005 00:30:41 GMT
Rob wrote:

> to run https for some pages in my webapp, and http for other pages, using
> the same session.  It's working where I can redirect from http to https (see
> the web.xml security constraint block below), but then I'm in https for all
> web pages, and if I type http at the URL, the session goes away.  What I'm
> aiming for is a webapp where account info is secure and general web pages
> are http, and the session is preserved.

In that exact scenario I'm using a Filter to redirect URLs that
don't need to be secure back to http, and I've never (/me knocks
on nearest wooden object!) had a problem with sessions dropping.

Hassan Schroeder -----------------------------
Webtuitive Design ===  (+1) 408-938-0567   ===

                          dream.  code.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message