Sorry, late at night :) Naturally I wan't to reconfigure Tomcat ... not Apache ...
>Hi ! > >I have the following problem: > >Inside the direct link listener of my login page (scheme https) I validate the >user input and create an visit ASO an success. > >So a session is created and stored via a cookie on the browser. > >When leaving the https scheme, the jsessionid is lost, because the cookie is >marked as https-only. > >While I understand this behaviour (security reasons) I do not wan't to disable >session-cookies in apache. I want to keep the url tidy :) > >So is there a way to tell Apache (forwaring to Tomcat via JKMount) to treat >https sessionid as 'unsafe' and store them in an http-readable cookie ? > >I take care of the sessionid-hijacking for myself - so there is no need for >Apache todo so. > >Thank you in advance ! > >Gerald > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]