This makes sense if you think about it since the secure server and the
non-secure server are different web-apps.
I got around this problem by adding shared='true' to the web-app tag for
both web-apps. Now sessions and context information is the same and no more
problem.
Now -- I'm not sure that this is the right solution, but it makes sense and
it works in this limited case.
-----Original Message-----
From: Geoff Marshall [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 06, 2001 9:30 AM
To: Orion-Interest
Subject: https second session problems...
First, a thank-you to Jay Armstrong for his SimplePortTester. Indeed,
Apache had port 443 locked up even though I thought I had stopped Apache.
Here's the problem of the day:
I'm only using JSP and Beans. It seems when I switch between http and https,
Orion crreates a 'second session'. I have inserted a System.err.println in
EVERY method of my SessionBean which has a single boolean property:
loggedOn. My comments (//)
// run orion
[root@daphne orion]# Orion/1.4.5 initialized
// with browser hit my index page in http
// index page instantiates two DataAccess objects, and
// one SessionBean with session scope
DataAccess.DataAccess() - constructing...
DataAccess.DataAccess() - constructing...
SessionBean.SessionBean() - constructing...
SessionBean.getCustId() -
SessionBean.isLoggedOn() - false
// fill out log-on form on index page and log on (re-submits page as https)
DataAccess.DataAccess() - constructing...
DataAccess.DataAccess() - constructing...
SessionBean.SessionBean() - constructing...
// ...there you have it, all three session
// beans are being instantiated again!!!
// EVEN THOUGH my JSESSIONID does not change
// (looked at it in my brower)
SessionBean.getCustId() -
SessionBean.setCustId() -
SessionBean.logOn() -
// cust now logged on in https
// still there on next https page.
SessionBean.isLoggedOn() - true
SessionBean.getCustId() - 2
// switch to http page, and cust is gone.
SessionBean.isLoggedOn() - false
// back to https and cust is there again.
SessionBean.isLoggedOn() - true
SessionBean.getCustId() - 2
SessionBean.isLoggedOn() - false
SessionBean.getCustId() - 2
Is this a bug or a feature? If it's a bug or a feature, is there a
work-around? It makes no sense to me why you would want to create a second
'session'.
--
-Geoff Marshall, Director of Development
.......................................................
t e r r a s c o p e (415) 951-4944
54 Mint Street, Suite 110 direct (415) 625-0349
San Francisco, CA 94103 fax (415) 625-0306
.......................................................