tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pulkit Singhal" <>
Subject Re: session drop from https to http
Date Sun, 27 Aug 2006 15:18:19 GMT
Hmm...kind of makes sense doesn't it? I mean there are a lot of apps that
use the sessionID as a key of sorts for access or cookie management so its
ok to go from a http to https connections with the same session ID because
extra security is involved but not ok to go from https to http connection
with the same sessionID cause tis insecure.
I'm sure someone on the list can tell you how to actually make it happen the
way you want but this is just my 2 cts.

On 8/27/06, Amir S <> wrote:
> Hi All,
> I have a Jakarta 5.0.28.
> When entering the tomcat first and then
> The sessionID changes?!
> In the revise ( and then
> order it does not, why is that?!
> How can I fix it?
> Please note that the different is in the HTTPS and HTTP order.
> Regards,
> Amir S
> ---------------------------------------------------------------------
> To start a new topic, e-mail:
> To unsubscribe, e-mail:
> For additional commands, e-mail:

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message