If your code demonstrates that Orion loses the session (or creates a new one),
each time that the SSL session is re-established, then that would indicate to
me that it is an Orion bug. I assumed that your problem was tied to the Basic
Auth, but you are apparently using a FORM instead, and your processing it just
like ours in that case.
Bugzilla.... :(
tim.
> This is my first HTTPS application, so maybe I'm doing something wrong. Our
> logon uses a JSP page, and places a UserInfo object in the HttpSession
> (along with other objects we use for workflow tracking). All subsequent
> access checks for this object before processing, forwarding to the logon
> page if it is not found. Our problem was that every two minutes the session
> changes (a println() in the servlet now displays a different session id),
> the UserInfo object is not found, so the logon page is displayed again.
> Adding this registry entry solved the problem on all client machines. How
> should I change this to get around the problem?
>
> My only reason for suggesting that it may be an Orion problem is just that
> I've never had problems using IE on other company's secure sites, so
> something is being handled differently. If the problem lies with me, thats
> OK, I just need someone to point me in the right direction so I can fix it.
>
> Thanks,
> Bruce
>
> -----Original Message-----
> From: Tim Endres [mailto:[EMAIL PROTECTED]]
> Sent: Monday, March 26, 2001 2:24 PM
> To: Orion-Interest
> Subject: Re: Orion + IE + HTTPS = Trouble
>
>
> The artical you reference on Microsoft's site explicitly states that the
> problem
> is in MS's products, which implies it is not an Orion problem. Further, the
> problem
> is related to BASIC AUTH dialogs. Thus, the reason I believe you are not
> seeing this
> problem in general with other servers is that nobody uses basic auth. Most
> sites put
> their login pages up as HTML FORM's, not as basic authentication.
>
> tim.
>
> > IE 5.0/5.5 running on 95/98/NT keeps losing it's HTTPS session with Orion,
> > which is big trouble if you store logon info there. By default these
> > versions of IE renegotiate their SSL connections every two minutes, but
> this
> > can be changed by adding a DWORD registry entry.
> >
> >
> HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\ClientCache
> > Time
> >
> > Adding this entry, and setting it to 0x7FFFFFFF has solved all our issues
> > with forcing constant logons when running in secure mode, but is a major
> > pain because it has to be done for all clients (except Win2K and WinME
> > clients)
> >
> > Since I have never come across this problem when logging on to other HTTPS
> > sites on the web, I can't help but wonder if Orion is not handling the
> > situation properly (I've tried it on both 1.38 and 1.45). Does anyone
> else
> > have any experience with this problem, or can comment on whether Orion
> > should be handling this without modifying every client machine?
> >
> > Thanks,
> > Bruce
> >
> > Microsoft reference:
> > http://support.microsoft.com/support/kb/articles/Q265/3/69.ASP
> >
>
>