tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brigger Patrick <>
Subject RE: keeping sessions when switching from http to https
Date Tue, 24 Jul 2001 16:07:06 GMT
This is for use in an e-commerece application. The customer puts items in
his shopping basket. When he decides to purchase, the login and credit card
input pages are under https. Therefore, I need to establish a session under
http and carry it over to https! 

This works perfectly fine using JServ (real life example: I am surprised to find out that I should be the first
one who needs this using Tomcat!(?). Any real-life e-shop application will
face this requirement. Has really nobody done this before?

Thanks for the answer, anyway.


-----Original Message-----
From: Wyn Easton []
Sent: Dienstag, 24. Juli 2001 15:17
Subject: Re: keeping sessions when switching from http to https

What if you don't create the session until you switch
to https?

A session is pinned to a domain. The domain includes
the scheme (http or https) so when you switch from
http to https you will loose your session. Also the
port number will change, which changes the domain.

--- Brigger Patrick <>
> Hi,
> Without cookies, I loose my session object when
> switching from http to https
> using encodeUrl. Can anyone help? 
> Otherwise, it makes Tomcat really useless in real
> life applications, where
> it is absolutely necessary to support customers that
> have cookies disabled.
> Thanks,
> Pat

Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger

View raw message