[Last Call] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 287
  • Last Modified:

Need to maintain a session from http to https and back

Running Linux with Tomcat 5.0.28. We have jsp pages.
Most of site is non-ssl. Need to collect credit card info on ssl page.
When we switch the user to the https page, we lose session info.
How do i not lose session info, and can i keep the session info when i return him to the regular pages?
1 Solution
you could add the session id to the url
JerryNortonAuthor Commented:
and then what? can i assign the new session the old session id?
Can I access the values stored session.getAttribute?
ideally speaking, this should not be happening.
I think tomcat uses server cookies to set up sessions and unless they are not set to secure.. they will be accesible..
( and they will be set to secure only when the session was First created in SSL).

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now