tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Li Liang" <lli...@firstrain.com>
Subject RE: keeping sessions when switching from http to https
Date Tue, 24 Jul 2001 16:23:14 GMT
Does anybody have solution for this issue -- keep session when switching
from http to https, without cookie. It doesn't make sense not to create
the session until the swtiching. For example, shopping cart is perfect
on http until the user decides to check out. With https, it still needs
the same shopping cart. 

I am also very interested in knowing such a solution. Thanks.

-----Original Message-----
From: Brigger Patrick [mailto:Patrick.Brigger@GETABSTRACT.com]
Sent: Tuesday, July 24, 2001 12:07 PM
To: 'tomcat-user@jakarta.apache.org'
Subject: RE: keeping sessions when switching from http to https


This is for use in an e-commerece application. The customer puts items
in
his shopping basket. When he decides to purchase, the login and credit
card
input pages are under https. Therefore, I need to establish a session
under
http and carry it over to https! 

This works perfectly fine using JServ (real life example:
www.getabstract.com). I am surprised to find out that I should be the
first
one who needs this using Tomcat!(?). Any real-life e-shop application
will
face this requirement. Has really nobody done this before?

Thanks for the answer, anyway.

Pat

-----Original Message-----
From: Wyn Easton [mailto:wyneaston@yahoo.com]
Sent: Dienstag, 24. Juli 2001 15:17
To: tomcat-user@jakarta.apache.org
Subject: Re: keeping sessions when switching from http to https


What if you don't create the session until you switch
to https?

A session is pinned to a domain. The domain includes
the scheme (http or https) so when you switch from
http to https you will loose your session. Also the
port number will change, which changes the domain.


--- Brigger Patrick <Patrick.Brigger@GETABSTRACT.com>
wrote:
> Hi,
> 
> Without cookies, I loose my session object when
> switching from http to https
> using encodeUrl. Can anyone help? 
> Otherwise, it makes Tomcat really useless in real
> life applications, where
> it is absolutely necessary to support customers that
> have cookies disabled.
> 
> Thanks,
> 
> Pat


__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/

Mime
View raw message