I couldn't get an answer on the users email list, so I am trying here. This is regarding behaviour differences I have discovered between Tomcat 3.3 and 4.0 (and 4.1).
I have looked through documentation, but not been able to find anything.

I wrote a small test webapp to test/discover the following:

Using Tomcat 4.0:
If an HttpSession is created by a servlet processing a request sent under (scheme) http, which then redirects to https, the session is available to the servlet processing in https. In other words, it stays put.

HOWEVER, if an HttpSession is created by a servlet processing a request under https, which then redirects to http, the session is NOT available. getSession returns null. But if one redirects back to https again, the session is available.
ALSO, if you, after redirecting to http (where no session is to be found), create a new session, and then redirect back to https, the original session is lost and the new session created in the http scheme is the current one.

In Tomcat 3.3, a session created in either scheme (http or https) "stays put" when redirecting.
I haven't found anything in the servlet specification that mentions anything about this behaviour.

Is this a bug? I see this with Tomcat both standalone and behind Apache, with the ajp13 connector or Coyote connectors.




