tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joseph Chiu" <jc...@spun.com>
Subject RE: how to maintain session between HTTP and HTTPS?
Date Fri, 15 Dec 2000 01:12:47 GMT
> Currently I have only one JVM running tomcat, with
> http on port 8080 and https on port 8443.

Ah.  There's your problem...

The problem is with the browser not accepting not allowing cookie sharing
for URL's on non-standard ports.

That is:

http://www.swap.com/ and https://www.swap.com/ can share cookies

But:

http://www.swap.com:80/ and http://www.swap.com/ cannot share cookies.
https://www.swap.com:443/ and https://www.swap.com/ cannot share cookies
http://www.swap.com:80/ and https://www.swap.com:443/ cannot share cookies
http://www.swap.com:8080/ and https://www.swap.com:8443/ cannot share
cookies

We ran into the same problems while developing www.swap.com (we've since
changed to www.spun.com - Your Online Entertainment Exchange!)...

Hope this helps.

Joseph

-----Original Message-----
From: Weigen Liang [mailto:weigenliang@yahoo.com]
Sent: Thursday, December 14, 2000 2:35 PM
To: tomcat-dev@jakarta.apache.org
Subject: RE: how to maintain session between HTTP and HTTPS?



--- Michael Kuz <mkuz@ServiceIntelligence.com> wrote:
> Are you sharing sessions over multiple Tomcat
> instances/boxes?
> (ie: does HTTP and HTTPS both point to same instance
> of Tomcat?)
>
Currently I have only one JVM running tomcat, with
http on port 8080 and https on port 8443.


> > -----Original Message-----
> > From: Weigen Liang [mailto:weigenliang@yahoo.com]
> > Sent: Thursday, December 14, 2000 9:21 AM
> > To: tomcat-dev@jakarta.apache.org;
> eroberts@alexandriasc.com
> > Subject: RE: how to maintain session between HTTP
> and HTTPS?
> >
> >
> >
> > --- cga <cga@ciudad.com.ar> wrote:
> > > I find it strange that it doesn't maintains
> session
> > > accross http and https.
> > > ┬┐Are you redirecting?
> > Netscape (4.7, at least) does not maintain session
> > between http and https. IE does. This happens with
> or
> > without redirect.
> >
> > What I ended up doing is to ALWAYS encode session
> id
> > into the urls when crossing the http/https
> boundary,
> > so not depending on the encodeURL or
> encodeRedirectURL
> > of response object.
> >
> > > Gaston
> > >
> > >
> > > ----- Original Message -----
> > > From: Elijah Roberts <eroberts@alexandriasc.com>
> > > To: <tomcat-dev@jakarta.apache.org>
> > > Sent: Saturday, December 09, 2000 4:11 AM
> > > Subject: Re: how to maintain session between
> HTTP
> > > and HTTPS?
> > >
> > >
> > > > On Saturday December 09, 2000 Weigen Liang
> wrote:
> > > > > > I'm trying to find a way to maintain
> session
> > > between
> > > > > > HTTP and HTTPS: some pages (html/jsp),
> > > > > > such as login and credit card info, need
> to
> > > > > > transported under HTTPS, but the rest does
> not
> > > > > > need to. I prefer not to spending the
> extra
> > > > > > cpu circles for unnecessary encryption
> since
> > > > > > the servers may be under heavy cpu
> utilization
> > > > > > due to generating images for returning to
> > > user.
> > > > > >
> > > > > > Any suggestions?
> > > >
> > > > Is a normal JSP session not maintained across
> HTTP
> > > and HTTPS. I have
> > > > never tried it out, but I don't see any reason
> why
> > > it shouldn't work.
> > > > Have you tried it and found it to not work?
> Your
> > > email is a little vague.
> > > >
> > > > Elijah Roberts
> > > > eroberts@alexandriasc.com
> > >
> >
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Yahoo! Shopping - Thousands of Stores. Millions of
> Products.
> > http://shopping.yahoo.com/
> >
>
> Michael R. Kuz
> Developer
> Service Intelligence
> (403) 261-5000 ext. 363
> mkuz@serviceintelligence.com
>


__________________________________________________
Do You Yahoo!?
Yahoo! Shopping - Thousands of Stores. Millions of Products.
http://shopping.yahoo.com/


Mime
View raw message