Hmm...kind of makes sense doesn't it? I mean there are a lot of apps that use the sessionID as a key of sorts for access or cookie management so its ok to go from a http to https connections with the same session ID because extra security is involved but not ok to go from https to http connection with the same sessionID cause tis insecure. I'm sure someone on the list can tell you how to actually make it happen the way you want but this is just my 2 cts.
On 8/27/06, Amir S <[EMAIL PROTECTED]> wrote:
Hi All, I have a Jakarta 5.0.28. When entering the tomcat first https://127.0.0.1/a.jsp and then http://127.0.0.1/b.jsp The sessionID changes?! In the revise (http://127.0.0.1/b.jsp and then https://127.0.0.1/a.jsp) order it does not, why is that?! How can I fix it? Please note that the different is in the HTTPS and HTTP order. Regards, Amir S --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
