Hi Derek Do you append the session to the address when you go to http? Are you using the same session for http and https? Do you have any concern about security?
I am facing this problem ATM and would love to hear your advise. Thanks, Ben On Thu, 4 Nov 2004 11:04:46 +1100, Derek Clarkson <[EMAIL PROTECTED]> wrote: > > Hi, > Our site drops in and out of secure mode to do credit card transactions. We > have a single instance of tomcat sitting behind an apache server. We have > two virtual apache servers listed which talk to this tomcat. One os > non-secure which takes the bulk of the action, and the other is setup as > secure. When we want to take a user to secure, the next document is simple > linked as a https connection rather than http. As the secure server is > listening on the 443 port it picks it up instead of the non-secure one. > > The only issue we encountered when doing this is that when this happens it > starts a new session. So anything stored in the http session (shopping > basket) cannot been seen. The original designers of the system got arround > this by using an RMI server and transfering objects through it to the new > session. To say this was complicated and error prone would be an > understatement. Recently we ripped this out and added the ID of the http > session as a parameter to the urls going into the secure instance. By doing > this, the Tomcat automatically looked for and reconnected to the orginal > session. Thus allowing us to keep things simple and remove a lot of bug > ridden code. > > Hope this helps. > > Regards, > Derek Clarkson > Global Applications > Lonely Planet Publications > ph: (03) 8379-8000 x8041 > "It's not a bug - it's an undocumented feature!" > > > > -----Original Message----- > From: Acácio Furtado Costa [mailto:[EMAIL PROTECTED] > Sent: Thursday, 4 November 2004 4:32 AM > To: [EMAIL PROTECTED] > Subject: is it possible to go to https and return to http? > > We need to use https for authentication and in 1 or to 2 url´s in our > application. > > In other case we prefer to stay in http mode . To do this we need to > redirect the connection to https and return to http . > > How can we do this? > > Acacio Furtado Costa > Pesquisa e Tecnologia > > GIA - Magnesita S/A > *(0xx31) 3368-1349 > * [EMAIL PROTECTED] > > > ______________________________________________________________________ > This email, including attachments, is intended only for the addressee > and may be confidential, privileged and subject to copyright. If you > have received this email in error, please advise the sender and delete > it. If you are not the intended recipient of this email, you must not > use, copy or disclose its content to anyone. You must not copy or > communicate to others content that is confidential or subject to > copyright, unless you have the consent of the content owner. > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
