My idea is to let Apache handle SSL traffic, but pass the SSL_SESSION_ID through mod_webapp to Tomcat. Tomcat could then use it to track its sessions without cookies or URL-rewriting. Before I start writing the code myself, I wonder if anyone has tried to do it.
I've been all over the list-archives, source code and doc to no avail, yet the J2EE spec mandates "SSL" as one of the methods for session tracking. Am I missing something? -- Joel -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
