httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nelson, Robert D." <RDNel...@Mail.Donaldson.com>
Subject RE: [users@httpd] SSL, Cookies, Post Variables
Date Tue, 05 Nov 2002 21:18:31 GMT
Greg:

> Thank your for the reply. I understand the issue of having 
> different domain
> names and trying to pass the cookies. This makes sense to me. 
> However, I
> think this goes a little bit deeper. I assumed my test 
> certificate is tied
> to a specific domain/ip. So when I went secure I used the domain I
> registered the certificate under (www.soluprobe.net). In 
> testing I tried
> going secure using the other virtual domain names I am 
> hosting and this
> seemed to work as far as being secure went. So I was able to 
> maintain the
> same domain name when going secure. However, the secure URL 
> needed to be
> coded a bit differently:
> 
> http://www.soluprobe.net/index.html needed to be
> https:/www.soluprobe.net/~username/index.html when going 
> secure. So there is
> more going on there under the hood. This still did not work 
> for me even
> though I could maintain the same domain name. I see in some 
> of the SSL docs
> that virtual domain names are and issue:

This is right.  It's rather common to be able to access the same docs under
different domains by using different paths.  As far as the SSL goes, it
requires the use of an IP.  The client will attempt to make a connection to
domain www.foo.com by resolving its IP address and connecting to that.  The
problem is, since the SSL connection is made before the actual HTTP request,
Apache will serve up the default site.  It's kind of the same thing it does
if the Host HTTP header isn't sent (like in HTTP/1.0 connections).

> This seems to imply I cannot even attempt to go secure using virtual
> domains, yet it appears to allow it when I try it on my server. I am
> thoroughly confused and perhaps in over my head.

I'm a little confused myself as to your question.  As is well documented,
you can't use name-based virtual hosts with SSL certs.  The SSL connection
may work, but Apache can't work with the request properly.  If you want
www.foo.com and www.bar.com to both use SSL, you need two IPs and ip-based
virtual hosts.  Your other option is to have one "main" domain that has SSL
(eg www.foo.com) and call the objects from the virtual host via the path (eg
www.bar.com/index.html would be www.foo.com/~bar/index.html).

As far as the cookie thing goes, you should set the cookie with a
www.foo.com value in the "domain" field.  You may also want to set it with
"/" in the "path" field so it is accessable by any URL with the www.foo.com
domain.  If you do this, you should be able to access the cookie by any
programs that are called from...

 http://www.foo.com/program.cgi
 http://www.foo.com/~bar/program.jsp
 etc, etc, etc

Maybe if you explain your question a little better we can be more specific.

 ~ Robert


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message