Just want to point at that we should be careful about doing this. Especially
if we are keeping track of who is logged on, etc. with session cookies.
It is not so difficult to hijack a client side session id. A bad guy can
steal your session id while you are in a non secure area, and then use your
session id after you have logged on. Using SSL for secure areas does not
hinder this from happening.
Of course it depends on how secure your app needs to be...
/Jason
-----Original Message-----
From: Aniket V U [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 20, 2001 6:46 AM
To: Orion-Interest
Subject: Re: Mixing secure & non-secure pages in the same application
hi,
The solution we are using in our application is to have two instances of
the application running, on in secure mode and another in unsecure mode.
Whenever we want to access the secure pages, we simply redirect to the
secure application and vice versa. There is no session problem either since
the session is shared between the applications.
Regards
----------------------------------------------------------
Aniket Upganlawar
CTO
Verchaska
Tel : +91-22-6559920
Mobile : 98202 15601
----------------------------------------------------------
Verchaska - Helping your business succeed
----------------------------------------------------------
