tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bill Davidson <bi...@seatadvisor.com>
Subject Re: Moving from a very old Tomcat to a new Tomcat.
Date Fri, 23 May 2008 23:00:59 GMT
David Smith wrote:
> So if I have this right, the sequence is:
>
> 1. Login to the unsecure http site
> 2. Click on a https secure link
> 3. You get a second login.
>
> If that's the case, you should change things so people get moved to 
> the secure https page, login, and then taken back to the http unsecure 
> page.  Sessions created in the unsecure http protocol are not trusted 
> by the secure https protocol in tomcat.  If I remember right, sessions 
> created in secure https are trusted by http.

I can also bring up the initial login page in https and I still
get the same problem when I do that so I'm not sure that
that is what it is.


Mime
View raw message