tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Re: HtttServletRequest.getSession()
Date Tue, 14 Sep 2010 11:55:14 GMT
On 14/09/2010 10:40, Brian McBride wrote:
>  The javadoc states this call returns the "session associated with the
> request".  I'm trying to figure out what "the session associated with
> the request" actually means.
> Specifically, if I have the same client sending https and http requests
> intermixed in time, will there be two sessions objects, one for the
> secure requests and one for the insecure ones, or just one.

It depends where the session is created. Sessions created under http
should transition to https (and back) without a problem. If you create
the session under https then the session will not transition to http.
The next http request will trigger a new session to be created.

> And, if there are two is this documented anywhere?

Have you read the Servlet specs?


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message