tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Kuz <m...@ServiceIntelligence.com>
Subject RE: how to maintain session between HTTP and HTTPS?
Date Thu, 14 Dec 2000 17:14:32 GMT
Are you sharing sessions over multiple Tomcat instances/boxes?
(ie: does HTTP and HTTPS both point to same instance of Tomcat?)

> -----Original Message-----
> From: Weigen Liang [mailto:weigenliang@yahoo.com]
> Sent: Thursday, December 14, 2000 9:21 AM
> To: tomcat-dev@jakarta.apache.org; eroberts@alexandriasc.com
> Subject: RE: how to maintain session between HTTP and HTTPS?
> 
> 
> 
> --- cga <cga@ciudad.com.ar> wrote:
> > I find it strange that it doesn't maintains session
> > accross http and https.
> > ┬┐Are you redirecting?
> Netscape (4.7, at least) does not maintain session
> between http and https. IE does. This happens with or 
> without redirect. 
> 
> What I ended up doing is to ALWAYS encode session id 
> into the urls when crossing the http/https boundary,
> so not depending on the encodeURL or encodeRedirectURL
> of response object.
>  
> > Gaston
> > 
> > 
> > ----- Original Message -----
> > From: Elijah Roberts <eroberts@alexandriasc.com>
> > To: <tomcat-dev@jakarta.apache.org>
> > Sent: Saturday, December 09, 2000 4:11 AM
> > Subject: Re: how to maintain session between HTTP
> > and HTTPS?
> > 
> > 
> > > On Saturday December 09, 2000 Weigen Liang wrote:
> > > > > I'm trying to find a way to maintain session
> > between
> > > > > HTTP and HTTPS: some pages (html/jsp),
> > > > > such as login and credit card info, need to
> > > > > transported under HTTPS, but the rest does not
> > > > > need to. I prefer not to spending the extra
> > > > > cpu circles for unnecessary encryption since
> > > > > the servers may be under heavy cpu utilization
> > > > > due to generating images for returning to
> > user.
> > > > >
> > > > > Any suggestions?
> > >
> > > Is a normal JSP session not maintained across HTTP
> > and HTTPS. I have
> > > never tried it out, but I don't see any reason why
> > it shouldn't work.
> > > Have you tried it and found it to not work? Your
> > email is a little vague.
> > >
> > > Elijah Roberts
> > > eroberts@alexandriasc.com
> > 
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Shopping - Thousands of Stores. Millions of Products.
> http://shopping.yahoo.com/
> 

Michael R. Kuz
Developer
Service Intelligence
(403) 261-5000 ext. 363
mkuz@serviceintelligence.com

Mime
View raw message