Due to problems with my cable modem, please respond via email as well as to the list if possible. Thanks...
I am running Tomcat 3.2.x in development mode with default http on port 8080 and default https on port 8443. My web application needs to switch in and out of https on occasion while prompting for/passing sensitive info. The rest of the time, it is fine in normal http. I have found (experimentally) that the browser does not seem to be passing the cookie containing the JSESSIONID value back and forth between urls like http://hostname:8080/webapp and httpa://hostname:8443/webapp. I am guessing that this is because the host names are different and the browser maintains cookies on a per-host name basis. So when I do the switch between http and https, I loose my session data. I have tried getting the value of the JSESSIONID cookie and appending its value to the url I go to whilst switching (ex. http://hostname:8443/webapp;jessionid=xxx) hoping that I could get the session info maintained. However, this did not appear to work either. Can anyone please give me a way to do this? If I use the default ports (80 and 443), I do not have to place the port id in with the hostname on the url. In this circumstance, I do get session state preserved. This would appear to be because the hostname portion of the url does not "change". It is just something of a pain to use ports lower than 1024 on Linux for development (have to be root). Thanks in advance for you help. David _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>