http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25852

Error Session Creation under SSL and switch to non-SSL

           Summary: Error Session Creation under SSL and switch to non-SSL
           Product: Tomcat 5
           Version: 5.0.16
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Catalina
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]

In order to explain the error, consider the following situation:

- Install Tomcat 5.0.16.
- Set up SSL under Tomcat.
- Point the browser to https://localhost:8443/aplic/servlet/test?option=1 (SSL).

This servlet does something like:

    HttpSession s=request.getSession(true);

So now the session has been created, as it is the first call to the servlet.

But just after starting the session, the servlet does something like:

    response.sendRedirect("http://localhost:8080/aplic/servlet/test?option=2");

(not SSL).

And here is the problem: the session was created under SSL, and now that we are NOT under SSL, when the servlet does:

    HttpSession s=request.getSession(false); // false because the session was created when we called the servlet under SSL.

Now the session is NULL.

So the problem is that sessions created under SSL are not valid when these sessions are requested from non-SSL.

This didn't happen in Tomcat 4.1.27, so I suppose it is a Tomcat 5 bug.

Thank you!

Ricotta
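
A diagnostic version of the test servlet described in the report, added here as an example (it is not the reporter's code and not part of Tomcat). It reports whether the browser sent a session ID at all on the plain-HTTP request, which separates a cookie the browser withheld (for example one carrying the Secure attribute) from a session the server rejected. The class name and output format are hypothetical, and it assumes the servlet is mapped to the report's /aplic/servlet/test URL.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added diagnostic example, not code from the report. The class name and the
// output format are hypothetical; the URL and option values are the report's.
public class SessionSchemeTest extends HttpServlet {

    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        if ("1".equals(request.getParameter("option"))) {
            // Step 1 (reached over https): create the session, then redirect to http.
            request.getSession(true);
            response.sendRedirect("http://localhost:8080/aplic/servlet/test?option=2");
            return;
        }

        // Step 2 (reached over http): look the session up without creating one.
        HttpSession s = request.getSession(false);

        // Did the browser present a JSESSIONID cookie on this request?
        boolean cookieSent = false;
        Cookie[] cookies = request.getCookies(); // null when no cookies were sent
        if (cookies != null) {
            for (int i = 0; i < cookies.length; i++) {
                if ("JSESSIONID".equals(cookies[i].getName())) {
                    cookieSent = true;
                }
            }
        }

        // Report presence only; the session ID itself is never written out.
        response.setContentType("text/plain");
        PrintWriter out = response.getWriter();
        out.println("request.isSecure()        = " + request.isSecure());
        out.println("JSESSIONID cookie sent    = " + cookieSent);
        out.println("requested session id      = "
                + (request.getRequestedSessionId() != null ? "present" : "none"));
        out.println("requested id still valid  = " + request.isRequestedSessionIdValid());
        out.println("getSession(false) == null = " + (s == null));
    }
}
```

If the second request shows no JSESSIONID cookie, the browser did not send it over HTTP; if the cookie was sent but the requested ID is not valid, the lookup failed on the server side.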