Heya,
I support an existing website written in Java and deployed to Apache tomcat. Let's call it: www.mywebsite.com.
This website includes a secure section, www.mywebsite.com/secure, which is behind SSL certificate authentication. As well as an SSL certificate, it also sets a session cookie with some user-specific information so that when the user goes back to www.mywebsite.com they still get an expanded menu of the secure options as opposed to a menu item that said 'Go to secure pages'.
However:
We are doing a staged website rename so now www.mywebsite.com is www.myotherwebsite.com which is being managed through apache url redirects. The pages behind the secure are still www.mywebsite.com.
Now when we write the session cookie, which is still in the secure www.mywebsite.com, and go back to the www.myotherwebsite.com pages, it's lost all knowledge of the cookie and hence isn't showing the secure item submenu.
I'm not sure what code would be useful to show in these circumstances, I am neither an apache tomcat nor a java cookie expert.
The apache config has a series of exclusions for secure pages and then a redirect for everything else to the new domain.
I'm hoping someone else has done a redirect like this and hit similar session cookie issues and can point me in the direction of what I need to look at.
Thanks.