Hi All, A team I am working with use tomcat 7 as their web container. The application cannot use url session tracking due to compliance reasons.
One of the requirements we are facing is that the application should work in an iframe on the safari web browser, which blocks all cookies. For this purpose I'd like to post some value around that acts as a session Id. However I'm not sure if this is possible? *I'm aware that this won't work for common paradigms such as POST-REDIRECT-GET.* Looking at CoyoteAdaptor.java seems to suggest that session Id can only be retrieved using SSL COOKIE and URL. COOKIE is out because of third party issues. URL is out because of compliance. SSL may be a possiblity but only if it doesn't involve custom client certificates. Is there any good place to hook in a post parameter for retrieving and reattaching the session? Regards Wesley
