RE: SSL and HttpServletRequest.getRequestedSessionId()
Thanks But how do I gain access to this 'ssl session'? I can find o mention of it in the doc. Thanks Eric -Original Message- From: Lorin Kobashigawa [mailto:[EMAIL PROTECTED]] Sent: Monday, October 02, 2000 3:10 PM To: Orion-Interest Subject: Re: SSL and HttpServletRequest.getRequestedSessionId() There are actually two sessions involved in SSL. The ssl session, and the http session. The ssl session is probably returning true before the http session has been instantiated. I ran into this problem with session timeouts. Make sure to use shared="true" in your secure-site.xml, or your ssl sessions will timeout at a different time than your http sessions. (after about 60-90 sec) -Lkb At 12:40 PM 10/2/00 -0500, Walker, Eric wrote: >When accessing a web site configured for SSL I have noticed that >calling HttpServletRequest.getRequestedSessionId() for a client that has >not yet joined a session returns a non null value. The same scenario for a >non-SSL site always returns a null. Any ideas why there is a difference >between SSL vs. non-SSL? Thanks Eric /** * @author: Lorin Kobashigawa-Bates <[EMAIL PROTECTED]> * @title: CodeMonkey / COO - Robot6 Inc. * @phone: 415.345.8872 * @addr: 1177 Polk St. San Francisco, CA 94109 */
Re: SSL and HttpServletRequest.getRequestedSessionId()
There are actually two sessions involved in SSL. The ssl session, and the http session. The ssl session is probably returning true before the http session has been instantiated. I ran into this problem with session timeouts. Make sure to use shared="true" in your secure-site.xml, or your ssl sessions will timeout at a different time than your http sessions. (after about 60-90 sec) -Lkb At 12:40 PM 10/2/00 -0500, Walker, Eric wrote: >When accessing a web site configured for SSL I have noticed that >calling HttpServletRequest.getRequestedSessionId() for a client that has >not yet joined a session returns a non null value. The same scenario for a >non-SSL site always returns a null. Any ideas why there is a difference >between SSL vs. non-SSL? Thanks Eric /** * @author: Lorin Kobashigawa-Bates <[EMAIL PROTECTED]> * @title: CodeMonkey / COO - Robot6 Inc. * @phone: 415.345.8872 * @addr: 1177 Polk St. San Francisco, CA 94109 */
SSL and HttpServletRequest.getRequestedSessionId()
When accessing a web site configured for SSL I have noticed that calling HttpServletRequest.getRequestedSessionId() for a client that has not yet joined a session returns a non null value. The same scenario for a non-SSL site always returns a null. Any ideas why there is a difference between SSL vs. non-SSL? Thanks Eric