The specification ( servlet 2.4 ) says that the servlet session may be implemented via session cookie or, in the case of https, via the ssl mechanism. My server is only accessible via https. Does tomcat use the ssl mechanism in this case? I do see the JSESSINID cookie, so as far as I can tell, it uses the cookie method.
- servlet session method with https Chad.Davis
- Re: servlet session method with https Mark Thomas
