Same site

  • http://example.com/ - the session is not saved, a new JSESSIONID every time
  • http://www.example.com/ - the session is saved, the JSESSIONID is the same
  • https://example.com/ - the session is saved, the JSESSIONID is the same
  • locally http://localhost/ - the session is saved, the JSESSIONID is the same

I noticed that the browser does not even transmit this cookie to the server in the first case; in the others it does.

I do not understand why.

    2 answers

    The main problem was that there should be https on the server (if there is also http, then it is not even bad at all), but locally I debug the site under http.

    I solved the problem as follows: I added lines to the server web.xml:

     <security-constraint>
       <web-resource-collection>
         <web-resource-name>Entire Application</web-resource-name>
         <url-pattern>/*</url-pattern>
       </web-resource-collection>
       <user-data-constraint>
         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
       </user-data-constraint>
     </security-constraint>

    Thus it turns out that the server will always be https, and locally http.

      Option 2: when you need a reverse redirect from https to http.

      At the very beginning of the <head> block of the site's pages, we add the script:

       <script>
         // Switch from https to http
         if (window.location.protocol.includes("https")) {
           window.location.protocol = "http";
         }
         // If the host has no "www" but contains example.com, switch to www.example.com
         if (!window.location.host.includes("www") && window.location.host.includes("example.com")) {
           window.location.host = "www.example.com";
         }
       </script>

      Now it turns out that there will always be http and, if the page is loaded from the example.com domain, there will always be www.example.com.