tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Cassidy (Programmer)" <dcass...@hotgen.com>
Subject Re: keeping sessions when switching from http to https
Date Tue, 24 Jul 2001 16:21:42 GMT
This is rubbish.

I'm using tomcat and switching between secure and non secure sites and
the session is following no probs. (i'm using cookies though)

Is your context the same on the secure and insecure ones ?

Can you provide an example of the link that you are using to go 
between the insecure one and the secure one.
( and the link that it produces :) )


Thanks

David

Brigger Patrick wrote:
> 
> This is for use in an e-commerece application. The customer puts items
> in
> his shopping basket. When he decides to purchase, the login and credit
> card
> input pages are under https. Therefore, I need to establish a session
> under
> http and carry it over to https!
> 
> This works perfectly fine using JServ (real life example:
> www.getabstract.com). I am surprised to find out that I should be the
> first
> one who needs this using Tomcat!(?). Any real-life e-shop application
> will
> face this requirement. Has really nobody done this before?
> 
> Thanks for the answer, anyway.
> 
> Pat
> 
> -----Original Message-----
> From: Wyn Easton [mailto:wyneaston@yahoo.com]
> Sent: Dienstag, 24. Juli 2001 15:17
> To: tomcat-user@jakarta.apache.org
> Subject: Re: keeping sessions when switching from http to https
> 
> What if you don't create the session until you switch
> to https?
> 
> A session is pinned to a domain. The domain includes
> the scheme (http or https) so when you switch from
> http to https you will loose your session. Also the
> port number will change, which changes the domain.
> 
> --- Brigger Patrick <Patrick.Brigger@GETABSTRACT.com>
> wrote:
> > Hi,
> >
> > Without cookies, I loose my session object when
> > switching from http to https
> > using encodeUrl. Can anyone help?
> > Otherwise, it makes Tomcat really useless in real
> > life applications, where
> > it is absolutely necessary to support customers that
> > have cookies disabled.
> >
> > Thanks,
> >
> > Pat
> 
> __________________________________________________
> Do You Yahoo!?
> Make international calls for as low as $.04/minute with Yahoo! Messenger
> http://phonecard.yahoo.com/

Mime
View raw message