geronimo-user mailing list archives

From Aaron Mulder <ammul...@alumni.princeton.edu>
Subject Re: Is this acceptable authorization for accessing a web resource
Date Wed, 18 Jan 2006 14:59:03 GMT
In technical terms, I don't think it does because a cookie has been
set for that host and/or path, so if you access the same host/path
with a different scheme I think the cookie is still valid.

In practical terms, I think it has to work that way, or else we'd
break the style of application that uses HTTP pages except for an
HTTPS login or personal information entry page -- where the user is
essentially expected to go back and forth between HTTP and HTTPS as
part of the same sequence and without logging in again or being
forgotten.

Thanks,
    Aaron

On 1/18/06, Vamsavardhana Reddy <c1vamsi1c@gmail.com> wrote:
> Consider the following scenario.
>
>  After starting Geronimo, open a browser window and access
> http://localhost:8080/console/portal/welcome .  Browser
> displays the login page.  After entering the userid/ password and clicking
> on Login button, browser displays welcome page at
> http://localhost:8080/console/portal/welcome .  Now,
> through the same browser window, access the URL
> https://localhost:8443/console/portal/welcome .  At this step, the browser
> displays the welcome page without asking for login information.  Doesn't the
> web application require authentication again at this step?
>
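
Added example (not part of the original thread and not Geronimo code): a minimal version of the RFC 6265 cookie-matching rules, applied to the two URLs from the question, showing that a session cookie set over http on port 8080 is also eligible for the https request on port 8443, and that only the Secure attribute makes the scheme matter. The cookie name JSESSIONID and the cookie path /console are assumptions; the thread does not state them.

```python
"""Which requests carry a stored cookie: host and path decide, port never does."""
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Cookie:
    name: str
    host: str             # host-only cookie: no Domain attribute was sent
    path: str
    secure: bool = False  # the Secure attribute


def path_match(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 section 5.1.4 path-match."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


def would_send(cookie: Cookie, url: str) -> bool:
    """True if RFC 6265 matching would attach `cookie` to a request for `url`."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() != cookie.host.lower():
        return False
    if not path_match(parts.path or "/", cookie.path):
        return False
    # Scheme matters only for Secure cookies; parts.port is never consulted.
    return parts.scheme == "https" or not cookie.secure


# Constructed sample values (cookie name and path are assumptions).
HTTP_URL = "http://localhost:8080/console/portal/welcome"
HTTPS_URL = "https://localhost:8443/console/portal/welcome"
SESSION = Cookie("JSESSIONID", "localhost", "/console")
SECURE_SESSION = Cookie("JSESSIONID", "localhost", "/console", secure=True)

if __name__ == "__main__":
    for label, c in (("plain", SESSION), ("Secure", SECURE_SESSION)):
        for url in (HTTP_URL, HTTPS_URL):
            print(f"{label:6} cookie -> {url}: {would_send(c, url)}")
```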
