I am trying to login a user using a jsp over https and i am storing his userid and some more personal info in a session variable session.setAttribute("userid",98767) when i move on to another non secure jsp ex: http://www/xyz.com/test.jsp and try to acces the session variable session.getAttribute("userid") i always get a null value, where as if i set the session variable in a normal http jsp i can access the variables properly.
Any help/pointers are highly appreciated.
I'd imagine browsers assume cookies set via HTTPS shouldn't be transferred over HTTP, as they may be sensitive data.
What browser, What server?
I have a page that does exactly the same thing and works.
Sometimes it is possible for a cookie to be available for http://site.com and not available in http://www.site.com , so confirm subdomains aren't the issue, rather than https
According to this forum post, what you can do is create your session from an http page first, then switch to https. Can't tell you if it's correct or not though, just pointing it out.