Re: SSL and sessions

2004-04-21 Thread Parsons Technical Services
Glen,

This was on the list a while ago. It is by design that this happens. It is
for security reasons as I understand it. It is considered safe to move from
http to https but not the other direction.

Doug
www.parsonstechnical.com


----- Original Message -----
From: "Drinkwater, GJ (Glen)" <[EMAIL PROTECTED]>
To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
Sent: Wednesday, April 21, 2004 8:15 AM
Subject: SSL and sessions


> Hi
>
> I am using tomcat with ssl for the initial log into my application over ssl,
> the problem is that if I send the application back to http (normal) the
> session that I first created under ssl is different from the session that is
> created going back to http.  Is there any configuration that allows the same
> session to go to and from https and http with the same session id?
>
> Cheers Glen
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>






RE: SSL and sessions

2004-04-21 Thread Andy Eastham
Glen,

I found this a right pain, and currently I'm using SSL for the whole app.
But this is storing up performance problems as I'm sending fairly high rez
astronomical images over SSL and I know I'll have to fix it sometime.

The way I'm thinking of getting round it is to send back a one time key in a
cookie in the redirect page, that is the key to an application visible
hashtable where I'll put the original session as the value against this key.
When the redirect occurs, I'll read my key cookie to get the one time key to
retrieve the original session, then create a new session for the insecure
request, and copy everything I need from the secure session to the new
session.

I haven't tried this yet though and if anyone's got any better ideas, I'd be
pleased to hear them...

Andy

-----Original Message-----
From: Drinkwater, GJ (Glen) [mailto:[EMAIL PROTECTED] 
Sent: 21 April 2004 13:15
To: 'Tomcat Users List'
Subject: SSL and sessions

Hi

I am using tomcat with ssl for the initial log into my application over ssl,
the problem is that if I send the application back to http (normal) the
session that I first created under ssl is different from the session that is
created going back to http.  Is there any configuration that allows the same
session to go to and from https and http with the same session id?

Cheers Glen
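
The one-time-key hand-off described in the reply above, as an added example that is not part of the original thread: plain Java without the servlet wiring, storing a copy of allow-listed attributes rather than the session object itself. The class name, the 30-second lifetime and the sample attributes are assumptions; records need Java 16 or later.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical helper: one-time hand-off of selected session data from HTTPS to HTTP. */
public class SessionHandoff {
    private static final long TTL_MS = 30_000;   // assumed: the redirect completes within 30 s
    private static final SecureRandom RNG = new SecureRandom();

    private record Entry(Map<String, Object> attrs, long expiresAt) {}
    private final Map<String, Entry> pending = new ConcurrentHashMap<>();

    /** HTTPS side: snapshot only allow-listed attributes, return the one-time key for the cookie. */
    public String issue(Map<String, Object> secureAttrs, Set<String> allowed, long now) {
        pending.values().removeIf(e -> now > e.expiresAt());   // drop keys that were never redeemed
        Map<String, Object> copy = new HashMap<>();
        for (String name : allowed)
            if (secureAttrs.containsKey(name)) copy.put(name, secureAttrs.get(name));
        byte[] raw = new byte[32];                              // 256-bit unguessable key
        RNG.nextBytes(raw);
        String key = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        pending.put(key, new Entry(copy, now + TTL_MS));
        return key;
    }

    /** HTTP side: remove() makes the key single-use; a replayed or expired key yields null. */
    public Map<String, Object> redeem(String key, long now) {
        Entry e = (key == null) ? null : pending.remove(key);
        return (e == null || now > e.expiresAt()) ? null : e.attrs();
    }

    public static void main(String[] args) {
        SessionHandoff store = new SessionHandoff();
        // Constructed sample attributes standing in for the HTTPS session contents.
        Map<String, Object> secure = Map.of("user", "glen", "imageSet", "m31", "authToken", "stays-on-https");
        long t0 = System.currentTimeMillis();
        String key = store.issue(secure, Set.of("user", "imageSet"), t0);
        System.out.println("first redeem: " + store.redeem(key, t0 + 1_000));
        System.out.println("replay:       " + store.redeem(key, t0 + 2_000));
        String late = store.issue(secure, Set.of("user"), t0);
        System.out.println("expired:      " + store.redeem(late, t0 + TTL_MS + 1));
    }
}
```

In a servlet, the HTTPS handler would set the value returned by `issue` as the cookie before redirecting, and the HTTP handler would copy the map returned by `redeem` into a newly created session, so the secure session ID itself never travels over plain HTTP.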

