This is implemented within tomcat.
Mark
> -Original Message-
> From: Martin Alley [mailto:[EMAIL PROTECTED]
> Sent: Friday, April 09, 2004 8:28 AM
> To: 'Tomcat Users List'
> Subject: RE: Session behaviour across http/https boundary
>
> Hi Bill,
>
&
On Apr 9, 2004, at 3:28 AM, Martin Alley wrote:
BTW Do you know if this policy in the browser, or if tomcat uses the
refer header to implement it on the server?
This is probably a side effect of the way cookies work. A cookie can
have a 'secure' flag set, which means it won't get sent over a norm
PROTECTED]
Subject: Re: Session behaviour across http/https boundary
"Martin Alley" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hi,
>
> I have a small web app that appears to illustrate the following
> behaviour.
> Session started in http is carried over t
"Martin Alley" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hi,
>
> I have a small web app that appears to illustrate the following
> behaviour.
> Session started in http is carried over to https, but session started in
> https is *not* carried over to http!
>
> Why?
This is for
