Most propably you loose your session when redirecting between the protocols. Either because you disabled cookies and do not send the ";jsessionid=aaabbbcccdddeeeff..." in your redirect, or because the cookie is tied to the protocol. (seeing this from a security point of view, this is the right thing to do, by the way)
When switching from http to https this propably happens as well, but you don't notice since the user is not logged in anyways. Be aware though, that by switching back to http you will a) show many of your users a security popup saying they now leave a secured site b) open yourself up to session hijacking issues, e.g. through proxy logs Hth, Tobias > -----Ursprüngliche Nachricht----- > Von: Kondadasula, Vikram [mailto:[EMAIL PROTECTED] > Gesendet: Mittwoch, 7. Dezember 2005 22:41 > An: users@tomcat.apache.org > Betreff: Unable to switch back from https to http > > > > > > I want only the login in ssl and rest in non-ssl.So from > the welcome page when somebody clicks login goes to login > page.The login is > > in ssl/https mode and after that remaining pages should be > in non-ssl(http)mode. > > > > I am able to switch from http to https but unable to switch > from https to http.If i do a response.sendredirect() goes back to > > welcome page. > > > > Thanks > > Vikram > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
