Maurice Yarrow wrote: > I'm fronting tomcat 5.0.28 with apache 2.0.59 through mod_proxy. > I am not seeing loss of session persistence: here are the values > of HttpSession.getId(), as seen in a typical succession of the > servlets, and also, one of the JSP's: > > SelectPubImgSetServlet: > thisUser.getId()=303D62BDCC86A5BC6D8218364F513A09 > DisplayPubGalleryServlet: > thisUser.getId()=303D62BDCC86A5BC6D8218364F513A09 > GetPubSmallServlet: thisUser.getId()=303D62BDCC86A5BC6D8218364F513A09 > PassWordCheckServlet: thisUser.getId()=303D62BDCC86A5BC6D8218364F513A09 > SelectPhotoClub.jsp: thisUser.getId()=303D62BDCC86A5BC6D8218364F513A09 > EditGalleryServlet: thisUser.getId()=303D62BDCC86A5BC6D8218364F513A09 > > I can't, of course, tell you why you are not seeing persistent session > id's, but I believe > the above shows that this is normal for my webapp. I do not believe > that I am doing > anything unusual, here, just the usual > > HttpSession thisUser = GetPubSession( request, response, true ); > > In fact, for the login/https side of my webapp, I rely on this to > determine > authorization. Note that going from http to https, the same session is > persisted, going the other way, one cannot rely on this - an artifact of > the security specification in J2EE). > > Maurice Yarrow
Maurice, thanks for the concientous effort. However, your responses should be addressed to "Darren Hall". (no relation that I'm aware of) -Bob Hall --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]