is it possible to go to https and return to http?
We need to use https for authentication and in 1 or to 2 url´s in our application. In other case we prefer to stay in http mode . To do this we need to redirect the connection to https and return to http . How can we do this? Acacio Furtado Costa Pesquisa e Tecnologia GIA - Magnesita S/A *(0xx31) 3368-1349 * [EMAIL PROTECTED]
RE: is it possible to go to https and return to http?
Hi, Our site drops in and out of secure mode to do credit card transactions. We have a single instance of tomcat sitting behind an apache server. We have two virtual apache servers listed which talk to this tomcat. One os non-secure which takes the bulk of the action, and the other is setup as secure. When we want to take a user to secure, the next document is simple linked as a https connection rather than http. As the secure server is listening on the 443 port it picks it up instead of the non-secure one. The only issue we encountered when doing this is that when this happens it starts a new session. So anything stored in the http session (shopping basket) cannot been seen. The original designers of the system got arround this by using an RMI server and transfering objects through it to the new session. To say this was complicated and error prone would be an understatement. Recently we ripped this out and added the ID of the http session as a parameter to the urls going into the secure instance. By doing this, the Tomcat automatically looked for and reconnected to the orginal session. Thus allowing us to keep things simple and remove a lot of bug ridden code. Hope this helps. Regards, Derek Clarkson Global Applications Lonely Planet Publications ph: (03) 8379-8000 x8041 It's not a bug - it's an undocumented feature! -Original Message- From: Acácio Furtado Costa [mailto:[EMAIL PROTECTED] Sent: Thursday, 4 November 2004 4:32 AM To: [EMAIL PROTECTED] Subject: is it possible to go to https and return to http? We need to use https for authentication and in 1 or to 2 url´s in our application. In other case we prefer to stay in http mode . To do this we need to redirect the connection to https and return to http . How can we do this? Acacio Furtado Costa Pesquisa e Tecnologia GIA - Magnesita S/A *(0xx31) 3368-1349 * [EMAIL PROTECTED] __ This email, including attachments, is intended only for the addressee and may be confidential, privileged and subject to copyright. If you have received this email in error, please advise the sender and delete it. If you are not the intended recipient of this email, you must not use, copy or disclose its content to anyone. You must not copy or communicate to others content that is confidential or subject to copyright, unless you have the consent of the content owner.
Re: is it possible to go to https and return to http?
Hi Derek Do you append the session to the address when you go to http? Are you using the same session for http and https? Do you have any concern about security? I am facing this problem ATM and would love to hear your advise. Thanks, Ben On Thu, 4 Nov 2004 11:04:46 +1100, Derek Clarkson [EMAIL PROTECTED] wrote: Hi, Our site drops in and out of secure mode to do credit card transactions. We have a single instance of tomcat sitting behind an apache server. We have two virtual apache servers listed which talk to this tomcat. One os non-secure which takes the bulk of the action, and the other is setup as secure. When we want to take a user to secure, the next document is simple linked as a https connection rather than http. As the secure server is listening on the 443 port it picks it up instead of the non-secure one. The only issue we encountered when doing this is that when this happens it starts a new session. So anything stored in the http session (shopping basket) cannot been seen. The original designers of the system got arround this by using an RMI server and transfering objects through it to the new session. To say this was complicated and error prone would be an understatement. Recently we ripped this out and added the ID of the http session as a parameter to the urls going into the secure instance. By doing this, the Tomcat automatically looked for and reconnected to the orginal session. Thus allowing us to keep things simple and remove a lot of bug ridden code. Hope this helps. Regards, Derek Clarkson Global Applications Lonely Planet Publications ph: (03) 8379-8000 x8041 It's not a bug - it's an undocumented feature! -Original Message- From: Acácio Furtado Costa [mailto:[EMAIL PROTECTED] Sent: Thursday, 4 November 2004 4:32 AM To: [EMAIL PROTECTED] Subject: is it possible to go to https and return to http? We need to use https for authentication and in 1 or to 2 url´s in our application. In other case we prefer to stay in http mode . To do this we need to redirect the connection to https and return to http . How can we do this? Acacio Furtado Costa Pesquisa e Tecnologia GIA - Magnesita S/A *(0xx31) 3368-1349 * [EMAIL PROTECTED] __ This email, including attachments, is intended only for the addressee and may be confidential, privileged and subject to copyright. If you have received this email in error, please advise the sender and delete it. If you are not the intended recipient of this email, you must not use, copy or disclose its content to anyone. You must not copy or communicate to others content that is confidential or subject to copyright, unless you have the consent of the content owner. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: is it possible to go to https and return to http?
Acácio Furtado Costa wrote: We need to use https for authentication and in 1 or to 2 url´s in our application. In other case we prefer to stay in http mode . To do this we need to redirect the connection to https and return to http . How can we do this? Check out sslext [ http://sslext.sourceforge.net ]. This is your best bet. -Toby - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
