tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: https & j_security_check
Date Wed, 13 Aug 2008 15:56:19 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Julio,

Julio César Chaves Fernández wrote:
| I was checking the http in my application and the server response is
| a 302 ... what could possibly do this when using https ... could it
| be something related to the URL ... or how could the server get
| confused given that with http it works fine.

Are you switching between HTTP and HTTPS? Some folks try to use HTTPS
for the login and then redirect to HTTP for the rest of the application.
That doesn't work unless the session cookie has been created from a
non-secure URL. Otherwise the cookie itself is marked as "secure" and
won't be sent by your browser when you switch back to HTTP. Could this
be your problem?

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkijBCIACgkQ9CaO5/Lv0PD5/QCfVCw6UgMkYilZqsVUnKRQAznX
8xwAni9vqVdMJpHV7Z0jJQoTqicT3Ct3
=hk6b
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message