just take the protocol and domain part out of the encodeURL function and
only have the rest of the section be in encodeURL().
so in stead of request.encodeURL("https://www.myserver.com/test.html";) use
"http://www.myserver.com"; + requestencodeURL("/test.html");
> -----Original Message-----
> From: Raiden [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, December 01, 2002 5:10 PM
> To: Tomcat Users List
> Subject: Re: Why does encodeURL not include Session ID when
> switching between HTTP and HTTPS
>
>
> A quick addendum... is there a setting somewhere that I need to explicitly
> state that my server is www.myserver.com, and therefore regardless of
> protocol (HTTP or HTTPS), all links at this server should be encoded with
> the session id?
>
> Thanks again,
> Raiden
>
>
> On Sun, 1 Dec 2002, Raiden wrote:
>
> > Hello,
> >
> > I have searched the archives, and while I have seen several people ask
> > this question, there doesn't seem to be an agreed upon answer/solution.
> >
> > I am using Tomcat 4.1.12. When cookies are on, I can switch
> bettween http
> > and https just fine, while maintaining my session. (I am using
> the Ajp13
> > connector with Apache, and so Apache does all my SSL management.)
> >
> > However, when cookies are off... URL rewriting ONLY seems to work when I
> > stay on the same protocol. (Start on an HTTP page, all HTTP links are
> > properly encoded with the session id. Start on an HTTPS page, all HTTPS
> > links are properly encoded with the session id. However, start
> in either
> > protocol, and the links for the other protocol are NOT properly
> encoded.)
> >
> > As soon as I try and encode a link that would switch the protocol from
> > HTTP to HTTPS or HTTPS to HTTP, those links do not include the session
> > id.
> >
> > I have every link surrounded by response.encodeURL().
> >
> > Does anyone know why the encodeURL method does not seem to be including
> > the session id when I attempt to include a link that is in a different
> > protocol?
> >
> > I'm assuming it's because the encodeURL method does not think
> > http://www.myserver.com and https://www.myserver.com are able
> to maintain
> > the same session... but I can't understand why... especially
> since Tomcat
> > and Netscape and IE have aggreed to send the session cookie on both
> > protocols, when using cookies to maintain sessions.
> >
> > Thanks,
> > Raiden
> >
> >
> >
> > --
> > To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
>
--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
