tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: Why does encodeURL not include Session ID when switching between HTTP and HTTPS
Date Mon, 02 Dec 2002 07:47:00 GMT

"Ricky Leung" <ricky@booksense.com> wrote in message
news:KKEGLFOOALCMINBBJCBGAEDADFAA.ricky@booksense.com...
> just take the protocol and domain part out of the encodeURL function and
> only have the rest of the section be in encodeURL().
>
> so in stead of request.encodeURL("https://www.myserver.com/test.html") use
> "http://www.myserver.com" + requestencodeURL("/test.html");
>

Modulo the typos, that is a really clever suggestion!

>
> > -----Original Message-----
> > From: Raiden [mailto:raiden@wonko.inow.com]
> > Sent: Sunday, December 01, 2002 5:10 PM
> > To: Tomcat Users List
> > Subject: Re: Why does encodeURL not include Session ID when
> > switching between HTTP and HTTPS
> >
> >
> > A quick addendum... is there a setting somewhere that I need to
explicitly
> > state that my server is www.myserver.com, and therefore regardless of
> > protocol (HTTP or HTTPS), all links at this server should be encoded
with
> > the session id?
> >
> > Thanks again,
> > Raiden
> >
> >
> > On Sun, 1 Dec 2002, Raiden wrote:
> >
> > > Hello,
> > >
> > > I have searched the archives, and while I have seen several people ask
> > > this question, there doesn't seem to be an agreed upon
answer/solution.
> > >
> > > I am using Tomcat 4.1.12.  When cookies are on, I can switch
> > bettween http
> > > and https just fine, while maintaining my session.  (I am using
> > the Ajp13
> > > connector with Apache, and so Apache does all my SSL management.)
> > >
> > > However, when cookies are off... URL rewriting ONLY seems to work when
I
> > > stay on the same protocol.  (Start on an HTTP page, all HTTP links are
> > > properly encoded with the session id.  Start on an HTTPS page, all
HTTPS
> > > links are properly encoded with the session id.  However, start
> > in either
> > > protocol, and the links for the other protocol are NOT properly
> > encoded.)
> > >
> > > As soon as I try and encode a link that would switch the protocol from
> > > HTTP to HTTPS or HTTPS to HTTP, those links do not include the session
> > > id.
> > >
> > > I have every link surrounded by response.encodeURL().
> > >
> > > Does anyone know why the encodeURL method does not seem to be
including
> > > the session id when I attempt to include a link that is in a different
> > > protocol?
> > >
> > > I'm assuming it's because the encodeURL method does not think
> > > http://www.myserver.com and https://www.myserver.com are able
> > to maintain
> > > the same session... but I can't understand why... especially
> > since Tomcat
> > > and Netscape and IE have aggreed to send the session cookie on both
> > > protocols, when using cookies to maintain sessions.
> > >
> > > Thanks,
> > > Raiden
> > >
> > >
> > >
> > > --
> > > To unsubscribe, e-mail:
> <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> > For additional commands, e-mail:
> <mailto:tomcat-user-help@jakarta.apache.org>
> >
>
>
> --
> To unsubscribe, e-mail:
> <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
> <mailto:tomcat-user-help@jakarta.apache.org>





--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message