I have an issue moving from http to https on a website. All is fine with the session when browsing the site over http, however, when I browse the site over https, I believe the session expires, as I cannot access some attributes I have in session. I'm using tomcat 5.5, so I don't think tomcat is dropping session data, so I believe the session is expiring. This doesn't happen all the time, only intermittently, so why would the session randomly expire when moving from http to https?

I believe the solution to this problem is to invalidate the existing session over http and create a new secure one over https. That should solve the problem. But I don't understand why the intermittent expiration?