session lost after redirected from https to http

[Evan Sho]

Hi all cocoon users,

When I try to implement login function by cocoon,
users go to the login page (http) and submit
login/passwd to authen page (https); if authenticated,
the page will be redirected to the user's homepage
(http).

When the page is redirected from
https to http, the session is lost. If i use https for
all pages or use http for all pages, the session can
be kept.

The login function uses database authenticator
described in example and the homepage is protected by
the technique described in example - protected area.

currently we use JDK 1.3.1 on w2k, tomcat 4.0.1,
cocoon 2.0.

Could anyone know how can I solve this problem please
kindly give me a hints or which class i should look
for? thanks a lot.

Regards
Evan




___
Do You Yahoo!?
Get your free @yahoo.com.hk address at http://mail.english.yahoo.com.hk

-
Please check that your question has not already been answered in the
FAQ before posting. 

To unsubscribe, e-mail: <[EMAIL PROTECTED]>
For additional commands, e-mail: <[EMAIL PROTECTED]>

Re: Session lost

[Jeremy Quinn]

At 2:09 PM +0100 13/9/01, Jeremy Quinn wrote:
>Dear All,
>
>I am building a little login test.
>It is meaningless, because the login validation is hard-coded but it is a
>handy test for me, because I am just learning ;)
>
>Here is a snippet of my (sub) sitemap:

[snip]

>   
>  
>value="context://r2r/resources/validators/login-test.xml"/>
>   value="is-logged-in"/>
>   
>   value="{../username}"/>
>   value="{../password}"/>
>   

[snip]

OK, sorry, I worked out why it was not working

1. wrote 'paramater' instead of 'parameter', yek!
2. the expression to pick up the parameter was wrong, but I don't
understand why

 did'nt work

 worked

which puzzled me, I thought that because the 'session-propagator' action
was nested inside the 'form-validator' I would need to access the 'parent'
Map, I thought the 'form-validator' was the one that had put the parameters
onto the Map.

regards Jeremy
-- 
   ___

   Jeremy Quinn   Karma Divers
   webSpace Design
HyperMedia Research Centre

   


-
Please check that your question has not already been answered in the
FAQ before posting. 

To unsubscribe, e-mail: <[EMAIL PROTECTED]>
For additional commands, e-mail: <[EMAIL PROTECTED]>

Session lost

[Jeremy Quinn]

Dear All,

I am building a little login test.
It is meaningless, because the login validation is hard-coded but it is a
handy test for me, because I am just learning ;)

Here is a snippet of my (sub) sitemap:









































This is what the 'login-test.xml' file looks like:











What happens is this:

With URL http://my.ip/c2/r2r/

Matches "/r2r/", redirects to r2r subsitemap "/"
Matches "/", redirects to 'welcome'
Matches 'welcome'
Session Validator fails (as expected)
Form Validator fails (as expected)
Session Propagator fails (as expected)
Redirects to 'login-fs'
User fills in form with 'username' and 'password'   posts to 'welcome'
Matches 'welcome'
Session Validator OK
Form Validator OK
Session Propagator OK
Redirects to 'welcome-fs'
I have a session cookie, I am 'logged in'

Up until now, everything has worked as expected

With URL http://my.ip/c2/r2r/welcome

Matches "/r2r/", redirects to r2r subsitemap "/"
Matches "/", redirects to 'welcome'
Matches 'welcome'
Session Validator fails (not expected)
should have redirected to 'welcome-fs'


I appear to have lost my session parameters!
It does not report that there is no Session, only that the 'username'
parameter is now null.

Another thing, I sometimes see the session string on the URL (?), why? I
have it in the cookie ..

Can anyone explain what I am doing wrong?

thanks

regards Jeremy








-- 
   ___

   Jeremy Quinn   Karma Divers
   webSpace Design
HyperMedia Research Centre

   


-
Please check that your question has not already been answered in the
FAQ before posting. 

To unsubscribe, e-mail: <[EMAIL PROTECTED]>
For additional commands, e-mail: <[EMAIL PROTECTED]>