tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brigger Patrick <>
Subject RE: keeping sessions when switching from http to https
Date Wed, 25 Jul 2001 05:51:11 GMT
Dear David,
Yes, with cookies turned on it alsow works on my end, no problem. However,
many people have cookies turned off, and for any real world application, it
MUST also work when cookies are turned off. 
Go to Netscape, turn cookies off, and then try your own programs again. If
you can still switch from one to the other, bingo, I will pay you something
if you tell me the trick.
(I am using secure and insecure in same context).

-----Original Message-----
From: David Cassidy (Programmer) []
Sent: Dienstag, 24. Juli 2001 18:22
Subject: Re: keeping sessions when switching from http to https

This is rubbish. 

I'm using tomcat and switching between secure and non secure sites and 
the session is following no probs. (i'm using cookies though) 

Is your context the same on the secure and insecure ones ? 

Can you provide an example of the link that you are using to go 
between the insecure one and the secure one. 
( and the link that it produces :) ) 



Brigger Patrick wrote: 
> This is for use in an e-commerece application. The customer puts items 
> in 
> his shopping basket. When he decides to purchase, the login and credit 
> card 
> input pages are under https. Therefore, I need to establish a session 
> under 
> http and carry it over to https! 
> This works perfectly fine using JServ (real life example: 
> I am surprised to find out that I should be the 
> first 
> one who needs this using Tomcat!(?). Any real-life e-shop application 
> will 
> face this requirement. Has really nobody done this before? 
> Thanks for the answer, anyway. 
> Pat 
> -----Original Message----- 
> From: Wyn Easton [ <>
> Sent: Dienstag, 24. Juli 2001 15:17 
> To: 
> Subject: Re: keeping sessions when switching from http to https 
> What if you don't create the session until you switch 
> to https? 
> A session is pinned to a domain. The domain includes 
> the scheme (http or https) so when you switch from 
> http to https you will loose your session. Also the 
> port number will change, which changes the domain. 
> --- Brigger Patrick <> 
> wrote: 
> > Hi, 
> > 
> > Without cookies, I loose my session object when 
> > switching from http to https 
> > using encodeUrl. Can anyone help? 
> > Otherwise, it makes Tomcat really useless in real 
> > life applications, where 
> > it is absolutely necessary to support customers that 
> > have cookies disabled. 
> > 
> > Thanks, 
> > 
> > Pat 
> __________________________________________________ 
> Do You Yahoo!? 
> Make international calls for as low as $.04/minute with Yahoo! Messenger 
> <>  

View raw message