Hi,
I have a J2EE Web application (say APP1) that is launched from another application (CGI based, say APP2). So APP1 doesn't have a login page but a login service exposed with a servlet. Now I would like that
1) APP2 performs login on APP1 invoking a servlet on a secure HTTPS connection
2) then APP2 opens APP1 JSP pages using HTTP, since I don't have sensitive information and I don't want HTTPS overhead.

My problem is that the processing in 2) fails because it has a different web session from 1)...
I tried both JBoss 3.2.1 + Tomcat 4.1 and JBoss 4.0.0 + Tomcat 5.0 with same results.

Do you think there is any possibility to force phase 2) to use the same web session used in phase 1) ??
I'm considering using HTTPS even in phase 2)...

Thanks in advance,
Andrea