Tomcat 3.2.1 standalone with SSL on JDK1.3 Win2K I use the builtin sessionmanagment (session=request.getSession(true);) in a small shopapp. Because cookies are disabled in many browsers, I prefere sessionmangment with urlrewriting. (server.xml --> noCookies) On normal http requests the sessionmanagment make a good job but changing to a safe https SSL connection for sensitive data the session is lost and a new session is created. Every time I reload this (https) page a new session is returned!?? Is this a problem of the https protokoll is urlrewriting under https impossible? Is there a workaround to use the sessions without turning on cookies under https? Is there for example a way to manualy pass the sessionID and get the user session like this: session.getSession("sessionID"); ???? need your help, Martin --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]