Under SSL, the (preferred) method for session-tracking is SSL session id. I
think orion tries this, and falls back to URL rewriting if needed.
HTH
JP
PS: Is this truly critical to your app? We are implementing our own Session
Management here and perhaps we'll run into the same problems you will?
> -----Original Message-----
> From: Sergio Socarras [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, March 07, 2001 5:01 AM
> To: Orion-Interest
> Subject: Session cookie and https. PLEASE HELP!!!!
>
>
> Hi
> I'm running into some strange behavior with sessions
> when running under https. I notice that when I set my
> browser to prompt me when a cookie is to be set and
> hit my application with regular http, I get a prompt
> for the session cookie. If I hit the same page running
> a secure connection I'm never prompted. I also notice
> that under the secure connection some of my URLs get
> rewritten. Interesting enough the first page, which is
> where I initially create the session, doesn't have any
> of its URLs rewritten. However, the second, third, and
> forth pages do. Can someone please explain what's
> going on. Does the setting of the session cookie not
> work under secure connections?
>
> PLEASE PLEASE HELP!!!
>
> Thanks
> Sergio
>
> __________________________________________________
> Do You Yahoo!?
> Get email at your own domain with Yahoo! Mail.
> http://personal.mail.yahoo.com/
>
