Hi, I'm not sure, but if both the secure and insecure servers are the same one, you can try to disable the use of cookies for session-ids. This way, the selection of the session-id to send is not left to the browser.
If it does not work, you could try to use an alternative to the user session. One alternative is a JNDI or LDAP server. It can solve data sharing problems even between phisically separated servers. Hope it helps ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
