When you move from normal protocol (http) to security protocol (https), all context attributes will be lost. How to maintain the page context in this situation?
You can do this by having a web server handle http and https negotiations, and leave your servlet engine to only handle processing JSPs and servlets. For instance, if you put Apache (with mod_ssl or whatever) in front of Tomcat, you can send http and https requests to a single servlet context within Tomcat. Tomcat includes nice HOWTOs for putting Apache in front of Tomcat.