tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Oxley <d...@staffplanner.co.uk>
Subject RE: HttpSession across virtual hosts
Date Thu, 08 Feb 2001 13:07:49 GMT
>I sort-of understand what you're doing, but I'm not clear on a couple of
details.
>What do you mean when you say you've "coded a request"? How exactly is
>the session ID passed from the original host to the new host, is this by a
>form field embedded into the HTML, or is it all on the server side?

Like URL-Encoded session management. The host passes our session id back to
the server when changing hosts so that it can be connected to the new
HttpSession.

Doesn't normal session management have exactly the same problem. When
writing an E-Commerce system the basket is normally chosen on an unsecure
host and then the user is put on to a secure host to checkout their
products. You need to be able to id the user between the two hosts. There
has to be a 'secure' way of doing this?!?!

Dave
Dave@Staffplanner.co.uk

Mime
View raw message