Tomcat 3.2.1 standalone with SSL on JDK1.3 Win2K
I use the builtin sessionmanagment (session=request.getSession(true);) in a
small shopapp.
Because cookies are disabled in many browsers, I prefere
sessionmangment with urlrewriting. (server.xml --> noCookies)
On normal http requests the sessionmanagment make a good job but changing to
a
safe https SSL connection for sensitive data the session is lost and a new
session is
created. Every time I reload this (https) page a new session is returned!??
Is this a problem of the https protokoll is urlrewriting under https
impossible?
Is there a workaround to use the sessions without turning on cookies under
https?
Is there for example a way to manualy pass the sessionID and get the user
session like this:
session.getSession("sessionID"); ????
need your help,
Martin
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
