David Smith wrote:
So if I have this right, the sequence is:
1. Login to the unsecure http site
2. Click on a https secure link
3. You get a second login.
If that's the case, you should change things so people get moved to
the secure https page, login, and then taken back to the http unsecure
page. Sessions created in the unsecure http protocol are not trusted
by the secure https protocol in tomcat. If I remember right, sessions
created in secure https are trusted by http.
I can also bring up the initial login page in https and I still
get the same problem when I do that so I'm not sure that
that is what it is.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
