You shouldn't have to muck with the server configuration - the defaults already contain an HTTPS listener. Just add a <security-constraint/> containing <transport-guarantee>CONFIDENTIAL</transport-guarantee> to your web.xml. See:
Please paste your security-constraints from web.xml.
The main reasons were found.
In my system,
1. store the system name ="/abc/ABC_001.action"
2. and redirect to a page to do the browser checking. https://www.example.com:8443/example/BrowserChecking_001.action
3. After passing the browser checking, the system would redirect to /abc/ABC_001.action
However, chrome and firefox would create a new session once redirect from http to https.
Therefore, it could not find the session variable "system name" and redirect to null