Christopher Schultz wrote:
Are you using cookies or URL-rewriting (or both) for your application? Can you use a tool like LiveHTTPHeaders to observe the headers being exchanged during the interaction described above?
We are using cookies to track sessions. I don't think we're using URL rewriting. Servlets and jsp's are handed off to Tomcat. Everything else is Apache httpd.
We seem to be losing the cookie when a page being served from the SSL virtual host forwards to a page that is not SSL (back in the regular host on port 80). No cookie means the server doesn't know that the browser is attached to the session it created for the user. My lack of Apache skills is no doubt showing. Is there a way to have Apache 2.2 serve both 80 (clear) and 443 (SSL) from the primary host instead of a virtual host? I'm guessing that the switch from the virtual host to the main host (both with the same hostname and IP but listening on different ports) is what's causing the cookie to get lost.
--------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
