We use tomcat forms authentication and it is cookies being used. There are 3 cookies, JSESSONIDSSO, test and JSESSONID. Not sure how you tell if its marked secure? The test cookie is for testing to assure cookies are enabled.
Thanks for your help! Rainer Jung-3 wrote: > > krusek wrote: >> I have Apache 2 with SSL, mod_jk connection, and Tomcat. Everything has >> worked peachy from one tomcat upgrade after another. However now I >> upgraded >> to tomcat 6 and I am loosing the session when switching from https to >> http >> within the same domain. >> >> For clarity, Apache 2 is handling SSL not tomcat. >> >> Does anyone know why this is happening? > > Are you using cookies for the sessions (JSESSIONID cookie) or URL > encoding (";jsessionid=")? > > Is some cookie flagged as being "secure"? > You can check how the cookie looks like e.g. using Firefox (Preferences > - Privacy - Cookies). > >> Thanks! >> >> Kevin > > Regards, > > Rainer > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/Session-lost-when-switching-from-https-to-http-after-upgrade-to-Tomcat-6-tp17658157p17699292.html Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]