On 14/09/2010 10:40, Brian McBride wrote: > The javadoc states this call returns the "session associated with the > request". I'm trying to figure out what "the session associated with > the request" actually means. > > Specifically, if I have the same client sending https and http requests > intermixed in time, will there be two sessions objects, one for the > secure requests and one for the insecure ones, or just one.
It depends where the session is created. Sessions created under http should transition to https (and back) without a problem. If you create the session under https then the session will not transition to http. The next http request will trigger a new session to be created. > And, if there are two is this documented anywhere? Have you read the Servlet specs? Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org