tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Raiden <rai...@wonko.inow.com>
Subject Re: Why does encodeURL not include Session ID when switching between HTTP and HTTPS
Date Sun, 01 Dec 2002 22:10:06 GMT
A quick addendum... is there a setting somewhere that I need to explicitly
state that my server is www.myserver.com, and therefore regardless of
protocol (HTTP or HTTPS), all links at this server should be encoded with
the session id?

Thanks again,
Raiden


On Sun, 1 Dec 2002, Raiden wrote:

> Hello,
>
> I have searched the archives, and while I have seen several people ask
> this question, there doesn't seem to be an agreed upon answer/solution.
>
> I am using Tomcat 4.1.12.  When cookies are on, I can switch bettween http
> and https just fine, while maintaining my session.  (I am using the Ajp13
> connector with Apache, and so Apache does all my SSL management.)
>
> However, when cookies are off... URL rewriting ONLY seems to work when I
> stay on the same protocol.  (Start on an HTTP page, all HTTP links are
> properly encoded with the session id.  Start on an HTTPS page, all HTTPS
> links are properly encoded with the session id.  However, start in either
> protocol, and the links for the other protocol are NOT properly encoded.)
>
> As soon as I try and encode a link that would switch the protocol from
> HTTP to HTTPS or HTTPS to HTTP, those links do not include the session
> id.
>
> I have every link surrounded by response.encodeURL().
>
> Does anyone know why the encodeURL method does not seem to be including
> the session id when I attempt to include a link that is in a different
> protocol?
>
> I'm assuming it's because the encodeURL method does not think
> http://www.myserver.com and https://www.myserver.com are able to maintain
> the same session... but I can't understand why... especially since Tomcat
> and Netscape and IE have aggreed to send the session cookie on both
> protocols, when using cookies to maintain sessions.
>
> Thanks,
> Raiden
>
>
>
> --
> To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>
>


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message