accessing pdf via https URL

I send out a newsletter email containing URLs to a https website that then redirects to a pdf document.

On first invocation of a URL the user is prompted with the typical https browser "security alert" popup, on selecting "Yes" the display of the PDF fails. The HTTP Header on the failed response is:

HTTP/1.1 200 OK
Server: ECS/HTTP-Server
Date: Tue, 16 Mar 2010 15:57:26 GMT
Content-type: application/pdf
Content-language: en-US
Set-cookie: JS开发者_高级运维ESSIONID=0000r111cRz1Vc-PtCJg8Cdu4eR:-1; Path=/
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-control: no-cache="set-cookie, set-cookie2"
Connection: close

Subsequent invocations of the URL successfully opens the PDF (at this point we have the session id cookie set by the initial failed request). The HTTP Header on the successful response is:

HTTP/1.1 200 OK
Server: ECS/HTTP-Server
Date: Tue, 16 Mar 2010 16:53:03 GMT
Content-type: application/pdf
Content-language: en-US
Connection: close

The email client is Lotus Notes 6.5 which launches an IE6 browser

Any ideas?

Security alerm from IE may comes from self-signed SSL certificate. Do you have SSL cert, signed with standard CA's?

Is you project corporative or open to any user?

PS: try to add an additional redirect before showing pdf.

Problem was due to the Struts servlet setting a new session cookie in the HTTP response that contained the PDF. This caused IE 6 to "drop" the PDF.

Solution was to use a native servlet which does not send a set-cookie in the HTTP Headers.