Hi everyone,
I'm confused about sessions and contexts and ssl
for the following reason:
I have 3 web apps: sharedWebApp, customerWebApp and
administratorWebApp (for example).
The sharedWebApp is used by both customers and administrators, it contains no secured pages.
Both the customer and admin webapps require login and pages are served over ssl.
In my server.xml, I define 3 contexts,
the sharedApp is the 'default context' defined as follows:
<Context path="" docBase="/path/sharedApp/web"/>
and
<Context path="/customer" docBase="/path/customerApp/web"/>
<Context path="/administrator" docBase="/path/administratorApp/web"/>
Now, this is the confusing part:
When I start tomcat and go directly to
http://localhost:8080/customer I go to customerApp index.jsp, on ssl as expected. index is a login page,
I can log in, browse about and everything is cool.
When I start tomcat and go to
http://localhost:8080 I go to the sharedApp index.jsp as expected. this index page has a link,
<a href="/customer"> which goes to the customerApp index page as expected (after checking certificates etc) I can login to the customerApp as normal, but when I try browse around I get 'thrown out'. This is because a session attribute I set upon successful login, is no longer there when I try to go to another page??? It's like there is another session started or something
Sorry for being long winded,. not sure how to explain exactly whats happening.
Anyway, thanks for any comments
Joel
Hope this is the right group to post to...