basically, cookies are URL spec (as per the spec, check it out in Netscape
Central) URL dependant; if you send a cookie for a URL http://www.yahoo.com
then that cookie is valid for that URL only; that cookie won't show up for
URL https://www.yahoo.com (note the different protocol, https, instead of
http); there's a way to make a cookie public for all URL's, but of course,
that might compromise security; that's what orion does when you set
'shared="true"'.
A good log would surely help (may I suggest log4j,
http://jakarta.apache.org)
HTH
JP
> -----Original Message-----
> From: Sergio Socarras [mailto:[EMAIL PROTECTED]]
> Sent: Friday, March 09, 2001 2:59 PM
> To: Orion-Interest; [EMAIL PROTECTED]
> Subject: RE: Session cookie and https. PLEASE HELP!!!!
>
>
> Juan,
>
> Thanks for responding to my email! Yes sessions
> working correctly is truly critical to our app.
> Basically we have about 14 machines running in our
> environment behind an alteon. The alteon selects a
> machine the first a person comes in, a session is
> created, and that person is made sticky to that
> machine because we are not currently replicating
> sessions. On and off we have reports of sessions being
> lost. I'm not sure if operations is making a mistake
> in regards to the stickiness or if I'm dealing with
> another issue here. What I have noticed is what I
> mention in my previous email, that under https I never
> see the cookie get set and sometimes and only
> sometimes URLs get rewritten.
>
> Someone in another email suggested I use the
> shared=true setting in the secure-site.xml but I'm not
> sure how this would help. The documentation is rather
> vague in this area so any help would be appreciated.
>
> Thanks for all your help!
>
> Sergio
>
> in our application it is truely critical that
>
>
> --- "Juan Lorandi (Chile)" <[EMAIL PROTECTED]>
> wrote:
> > Under SSL, the (preferred) method for
> > session-tracking is SSL session id. I
> > think orion tries this, and falls back to URL
> > rewriting if needed.
> >
> > HTH
> >
> > JP
> >
> > PS: Is this truly critical to your app? We are
> > implementing our own Session
> > Management here and perhaps we'll run into the same
> > problems you will?
> >
> > > -----Original Message-----
> > > From: Sergio Socarras [mailto:[EMAIL PROTECTED]]
> > > Sent: Wednesday, March 07, 2001 5:01 AM
> > > To: Orion-Interest
> > > Subject: Session cookie and https. PLEASE HELP!!!!
> > >
> > >
> > > Hi
> > > I'm running into some strange behavior with
> > sessions
> > > when running under https. I notice that when I set
> > my
> > > browser to prompt me when a cookie is to be set
> > and
> > > hit my application with regular http, I get a
> > prompt
> > > for the session cookie. If I hit the same page
> > running
> > > a secure connection I'm never prompted. I also
> > notice
> > > that under the secure connection some of my URLs
> > get
> > > rewritten. Interesting enough the first page,
> > which is
> > > where I initially create the session, doesn't have
> > any
> > > of its URLs rewritten. However, the second, third,
> > and
> > > forth pages do. Can someone please explain what's
> > > going on. Does the setting of the session cookie
> > not
> > > work under secure connections?
> > >
> > > PLEASE PLEASE HELP!!!
> > >
> > > Thanks
> > > Sergio
> > >
> > > __________________________________________________
> > > Do You Yahoo!?
> > > Get email at your own domain with Yahoo! Mail.
> > > http://personal.mail.yahoo.com/
> > >
> >
>
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Auctions - Buy the things you want at great prices.
> http://auctions.yahoo.com/
>
