geronimo-user mailing list archives

From Aaron Mulder <>
Subject Re: Is this acceptable authorization for accessing a web resource
Date Wed, 18 Jan 2006 14:59:03 GMT
In technical terms, I don't think it does because a cookie has been
set for that host and/or path, so if you access the same host/path
with a different scheme I think the cookie is still valid.

In practical terms, I think it has to work that way, or else we'd
break the style of application that uses HTTP pages except for an
HTTPS login or personal information entry page -- where the user is
essentially expected to go back and forth between HTTP and HTTPS as
part of the same sequence and without logging in again or being


On 1/18/06, Vamsavardhana Reddy <> wrote:
> Consider the following scenario.
>  After starting Geronimo, open a browser window and access
> http://localhost:8080/console/portal/welcome .  Browser
> displays the login page.  After entering the userid/password and clicking
> on Login button, browser displays welcome page at
> http://localhost:8080/console/portal/welcome .  Now,
> through the same browser window, access the URL
> https://localhost:8443/console/portal/welcome .  At this step, the browser
> displays the welcome page without asking for login information.  Doesn't the
> web application require authentication again at this step?
