krusek schrieb:
We use tomcat forms authentication and it is cookies being used.
There are 3 cookies, JSESSONIDSSO, test and JSESSONID.
Not sure how you tell if its marked secure? The test cookie is for testing
to assure cookies are enabled.
As explained below, my Firefox tells me, for which connctions (secure or
all) it uses a cookie, when I look at the cookie in my preferences.
You can also use firebug with cleared cookies and have a look at the
Set-Cookie header (the header will contain a "; secure"), or you can
sniff your network traffic on the client side with wireshark, or on the
server side with tcpdump/snoop etc. for the same header. Remember that
you clear the cookies in the client/browser before looking for the
Set-Cookie header.
Thanks for your help!
Regards,
Rainer
Rainer Jung-3 wrote:
krusek wrote:
I have Apache 2 with SSL, mod_jk connection, and Tomcat. Everything has
worked peachy from one tomcat upgrade after another. However now I
upgraded
to tomcat 6 and I am loosing the session when switching from https to
http
within the same domain.
For clarity, Apache 2 is handling SSL not tomcat.
Does anyone know why this is happening?
Are you using cookies for the sessions (JSESSIONID cookie) or URL
encoding (";jsessionid=")?
Is some cookie flagged as being "secure"?
You can check how the cookie looks like e.g. using Firefox (Preferences
- Privacy - Cookies).
Thanks!
Kevin
Regards,
Rainer
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]