hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a.r.dikh...@kpn.com
Subject RE: Problem maintaining sessions through HTTPS
Date Fri, 24 Oct 2003 13:24:17 GMT
> > We've been examining the headers, but the server doesn't seem to send
> > cookies (in http it does, but not in https). I was assuming this was
> > supposed to be done through some under-water process (I'm not very
> > with https), but the HttpState object does not contain any cookies in
> > cookie collection after the first request (in http it does). Is this
> Some application servers (IBM Websphere 4.0.x for instance) can use SSL
> ID instead of a session cookie to lookup HTTP session data on the server
> This certainly makes things more secure, as many exploits based on
stealing or 
> faking  the session cookie are rendered impossible.

I see, so the reason I don't see cookies in OC4J might be because they use
this method. Do you know if (and how) HttpClient supports this type of

Thanks, Arjan

To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org

View raw message