-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gregor,
On 3/13/2009 1:58 PM, Gregor Schneider wrote: > So will I then be able to access the HttpSession-object created when > inside HTTPS (login-page) when I'm querying it from within a JSP > served via plain HTTP? No, the session will be created in HTTP mode, then you'll submit in HTTPS mode (and the non-secure session is viewable in the secure context) and then go back to HTTP mode. > That was the problem Chuck mentioned, and this I tried to solve with > my - silly - suggestion from above? Try creating a sequence of requests that you think are likely, and apply the rules I laid out to see how the webapp would react. If there's a case you think won't work, let me know and I'll see if I can come up with an idea. > I sees quite some pages using HTTPS for Authorization (Form-based), > but once authorized, they serve via HTTP. > How just simply do they do that? The session is created in HTTP mode which is why this works. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkm6x/cACgkQ9CaO5/Lv0PD4BQCfcqJdd3wVDn7/YfMtKiMTMMia 0jMAn07FSA6Au3j9ZwWqAhmS10J3uHVu =ncMM -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org