George Sexton wrote:
Does the code transparently create a new JSessionID value then?

George,
you might wanna rethink your comments, they don't shine any light on the issue and they for sure don't state any facts, let me prove you I am right. Below is the headers I tracked with LiveHttpHeaders, as you can see, JSESSIONID remains exactly the same in the browser request when the switch from HTTP to HTTPS happens.
This is Firefox on Fedora 4. The site works fine.

This must be a browser issue, can you tell us a little bit more about what version and platform your browser is on.

1. Request to the home - non secure
============================================================
http://www.tophotelchoices.com/
GET / HTTP/1.1
Host: www.tophotelchoices.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) Gecko/20060124 Firefox/1.5.0.1 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.tophotelchoices.com/

HTTP/1.x 200 OK
Date: Wed, 15 Feb 2006 20:08:55 GMT
Server: Apache/1.3.33 (Unix) mod_jk/1.2.15
Set-Cookie: JSESSIONID=735009FD40D725EDAA14389409CD60FF; Path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Keep-Alive: timeout=5, max=20
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html;charset=UTF-8

2. Click on the request button - switch from HTTP to HTTPS
https://www.tophotelchoices.com/bookingServlet1?hotel=ASI
GET /bookingServlet1?hotel=ASI HTTP/1.1
Host: www.tophotelchoices.com:443
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) Gecko/20060124 Firefox/1.5.0.1 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.tophotelchoices.com/searchResults.jsp
Cookie: JSESSIONID=735009FD40D725EDAA14389409CD60FF

HTTP/1.x 200 OK
Date: Wed, 15 Feb 2006 20:11:54 GMT
Server: Apache/1.3.33 (Unix) mod_jk/1.2.15
Cache-Control: no-cache
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Keep-Alive: timeout=5, max=20
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html;charset=UTF-8


George Sexton wrote:
Does the code transparently create a new JSessionID value then?

George Sexton
MH Software, Inc.
http://www.mhsoftware.com/
Voice: 303 438 9585


-----Original Message-----
From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 15, 2006 12:48 PM
To: Tomcat Users List
Subject: Re: Session Expires At Every Request (Tomcat5.0.28/Firefox)

sessions started in non-ssl mode should carry over to SSL,
but not the
other way around.
Filip



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to