Is there any way to share an HttpSession between the confidential and the non-confidential parts of a web app, without resorting to URL rewriting?
The question relates to the fact that whenever I do sendRedirect to an http servlet from inside an https servlet (one having a URL with the CONFIDENTIAL transport-guarantee), any session that I created inside the https servlet is not propagated, since the browser does not send any jsessionid generated by the https servlet (with request.getSession) to the http servlet in the same app, either due to the fact that the cookie is set with the Secure attribute in the first place or due to the http and https running on different ports not being recognized as the same app by the browser, or both.
More generically, what is the standard way to make a user access non-confidential content only as a securely (confidentially) authenticated user?
Thanks.
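
The cookie behaviour described in the question can be reproduced with a standards-following client. This is an added example, not part of the original post; it uses Python's `http.cookiejar`, and the host name, ports, paths and session id are constructed for illustration.

```python
from http.cookiejar import Cookie, CookieJar
from urllib.request import Request

HOST = "shop.example.test"          # constructed host name
SESSION_ID = "0123ABCD-constructed"  # constructed session id


def session_cookie(secure):
    """Build a JSESSIONID cookie as a container would set it for /app."""
    return Cookie(
        version=0, name="JSESSIONID", value=SESSION_ID,
        port=None, port_specified=False,      # cookies carry no port scope
        domain=HOST, domain_specified=False, domain_initial_dot=False,
        path="/app", path_specified=True,
        secure=secure,                        # the Secure attribute
        expires=None, discard=True,
        comment=None, comment_url=None, rest={},
    )


def cookie_header_for(url, secure):
    """Return the Cookie header the client would attach to a request for url."""
    jar = CookieJar()
    jar.set_cookie(session_cookie(secure))
    request = Request(url)
    jar.add_cookie_header(request)
    return request.get_header("Cookie")


if __name__ == "__main__":
    https_url = "https://%s:8443/app/account" % HOST
    http_url = "http://%s:8080/app/catalog" % HOST

    # Secure cookie: returned over https, withheld from the http request.
    print("secure, https:", cookie_header_for(https_url, secure=True))
    print("secure, http: ", cookie_header_for(http_url, secure=True))

    # Without Secure the same session id is attached to the cleartext
    # request even though the port differs, so it is exposed on the wire.
    print("plain,  http: ", cookie_header_for(http_url, secure=False))
```

In this client the Secure attribute alone decides whether the session id reaches the http request; the port difference does not, because cookies are not isolated by port (RFC 6265, section 8.5).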