tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Tomcat losing Session?
Date Mon, 27 Jul 2009 13:55:50 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dean,

On 7/26/2009 5:39 AM, dean@maquib.com wrote:
> Is it possible that tomcat is losing my session id as when i login i find
> that i have no attributes when i come to use some restricted feature. So
> which means i get redirected to the login page even though i am
> authorized. And when i print out the Session ID there not equal.
> Thanks in Advance

Can you describe this process in more detail? I suspect you are crossing
an HTTPS/HTTP barrier and using a "secure" cookie for session
management. If this happens, you'll lose your session when going back to
HTTP.

You need to make sure that your session cookie is created in HTTP (that
is, non-secure) mode if you want to be able to use your session without
HTTPS. If your login screen is using HTTPS but the rest of your site is
not, then you will need to make sure that your session is created in
non-secure mode.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkptseYACgkQ9CaO5/Lv0PB+sACgg44STravA20IJUM5DVdc+MX2
OBwAoJl0C7hHf+nES//D6Q4LgKlr0WDc
=iQ+u
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message