My idea is to let Apache handle SSL traffic, but pass the SSL_SESSION_ID through mod_webapp to Tomcat. Tomcat could then use it to track its sessions without cookies or URL-rewriting.
I've been all over the mailing-lists, source code and doc to no avail, yet the J2EE spec mandates "SSL" as one of the methods for session tracking. Am I missing something? -- Joel -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
