----- Original Message -----
From: "Bill Davidson" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Monday, June 09, 2008 12:36 AM
Subject: Re: Session lost when switching from https to http after upgrade to Tomcat 6


I'm confused so I'm not sure what I say below makes sense.

If I'm reading these posts correctly, the cookie is issued by the front end
(which is Apache web server).  Since it is created on an https session, it
is being marked as "secure".  When the browser switches to a non-secure
page on the same site, that cookie is not passed because it is a secure
cookie.

Apparently, this behavior changed between Apache 1.3.x+Apache SSL
and Apache 2.2 (mod_ssl) because my app used to work doing this with
Apache 1.3 as the front end.

Is there some way to configure Apache not to mark the cookie as secure
even if it is creating it on an https connection?

Bill... Just lose the FORM authentication, replace it with DIGEST, or even BASIC.... I think all your problems will go away.

---------------------------------------------------------------------------
HARBOR : http://www.kewlstuff.co.za/index.htm
The most powerful application server on earth.
The only real POJO Application Server.
See it in Action : http://www.kewlstuff.co.za/cd_tut_swf/whatisejb1.htm
---------------------------------------------------------------------------
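
The client-side behaviour described in the quoted message, as an added example that is not part of the original thread: Python's standard-library http.cookiejar follows the same rule for the Secure attribute, so it shows which requests carry the session cookie. The host name, paths and session value are constructed.

```python
import http.cookiejar
import urllib.request
from email.message import Message

HOST = "shop.example.test"  # constructed host name, not from the thread


class FakeResponse:
    """Stand-in for an HTTP response: CookieJar only needs .info()."""

    def __init__(self, set_cookie):
        self._headers = Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def cookie_sent(set_cookie, follow_up_url):
    """Store a cookie issued on the https login page, then return the
    Cookie header the client would attach to follow_up_url (or None)."""
    jar = http.cookiejar.CookieJar()
    login = urllib.request.Request(f"https://{HOST}/app/login")
    jar.extract_cookies(FakeResponse(set_cookie), login)
    follow_up = urllib.request.Request(follow_up_url)
    jar.add_cookie_header(follow_up)
    return follow_up.get_header("Cookie")


# Constructed session cookies: one marked Secure, one not.
SECURE = "JSESSIONID=ABC123; Path=/app; Secure"
PLAIN = "JSESSIONID=ABC123; Path=/app"

if __name__ == "__main__":
    for label, cookie in (("Secure", SECURE), ("not Secure", PLAIN)):
        for scheme in ("https", "http"):
            sent = cookie_sent(cookie, f"{scheme}://{HOST}/app/catalog")
            print(f"{label:10} cookie, {scheme:5} request -> {sent}")
```

With the Secure attribute removed, the session survives the switch to http, and the session ID is then sent in cleartext on every http request.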
