tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ricky Leung" <ri...@booksense.com>
Subject RE: Why does encodeURL not include Session ID when switching between HTTP and HTTPS
Date Mon, 02 Dec 2002 05:10:18 GMT
just take the protocol and domain part out of the encodeURL function and
only have the rest of the section be in encodeURL().

so in stead of request.encodeURL("https://www.myserver.com/test.html") use
"http://www.myserver.com" + requestencodeURL("/test.html");


> -----Original Message-----
> From: Raiden [mailto:raiden@wonko.inow.com]
> Sent: Sunday, December 01, 2002 5:10 PM
> To: Tomcat Users List
> Subject: Re: Why does encodeURL not include Session ID when
> switching between HTTP and HTTPS
>
>
> A quick addendum... is there a setting somewhere that I need to explicitly
> state that my server is www.myserver.com, and therefore regardless of
> protocol (HTTP or HTTPS), all links at this server should be encoded with
> the session id?
>
> Thanks again,
> Raiden
>
>
> On Sun, 1 Dec 2002, Raiden wrote:
>
> > Hello,
> >
> > I have searched the archives, and while I have seen several people ask
> > this question, there doesn't seem to be an agreed upon answer/solution.
> >
> > I am using Tomcat 4.1.12.  When cookies are on, I can switch
> bettween http
> > and https just fine, while maintaining my session.  (I am using
> the Ajp13
> > connector with Apache, and so Apache does all my SSL management.)
> >
> > However, when cookies are off... URL rewriting ONLY seems to work when I
> > stay on the same protocol.  (Start on an HTTP page, all HTTP links are
> > properly encoded with the session id.  Start on an HTTPS page, all HTTPS
> > links are properly encoded with the session id.  However, start
> in either
> > protocol, and the links for the other protocol are NOT properly
> encoded.)
> >
> > As soon as I try and encode a link that would switch the protocol from
> > HTTP to HTTPS or HTTPS to HTTP, those links do not include the session
> > id.
> >
> > I have every link surrounded by response.encodeURL().
> >
> > Does anyone know why the encodeURL method does not seem to be including
> > the session id when I attempt to include a link that is in a different
> > protocol?
> >
> > I'm assuming it's because the encodeURL method does not think
> > http://www.myserver.com and https://www.myserver.com are able
> to maintain
> > the same session... but I can't understand why... especially
> since Tomcat
> > and Netscape and IE have aggreed to send the session cookie on both
> > protocols, when using cookies to maintain sessions.
> >
> > Thanks,
> > Raiden
> >
> >
> >
> > --
> > To unsubscribe, e-mail:
<mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
<mailto:tomcat-user-help@jakarta.apache.org>
>


--
To unsubscribe, e-mail:
<mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail:
<mailto:tomcat-user-help@jakarta.apache.org>



--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message