My finding is that Netscape Navigator browsers (both 4.x and 6.x) don't share cookies accross ports, while Internet Explorer does. I also have an app where user can choose to login over secure connection, and was experiencing session loss when returning to unsecured communication after login. I solved this by forcing the user to stay in secure mode if User-Agent header indicates they're using some flavor of Netscape Navigator.
Attila. ----- Original Message ----- From: "David White" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: 2001. december 9. 22:22 Subject: Possible To Share A Session Across Ports 8080 and 8443? > Due to problems with my cable modem, please respond via email as well as to > the list if possible. Thanks... > > I am running Tomcat 3.2.x in development mode with default http on port 8080 > and default https on port 8443. > > My web application needs to switch in and out of https on occasion while > prompting for/passing sensitive info. The rest of the time, it is fine in > normal http. > > I have found (experimentally) that the browser does not seem to be passing > the cookie containing the JSESSIONID value back and forth between urls like > http://hostname:8080/webapp and httpa://hostname:8443/webapp. I am guessing > that this is because the host names are different and the browser maintains > cookies on a per-host name basis. > > So when I do the switch between http and https, I loose my session data. I > have tried getting the value of the JSESSIONID cookie and appending its > value to the url I go to whilst switching (ex. > http://hostname:8443/webapp;jessionid=xxx) hoping that I could get the > session info maintained. > > However, this did not appear to work either. Can anyone please give me a way > to do this? If I use the default ports (80 and 443), I do not have to place > the port id in with the hostname on the url. In this circumstance, I do get > session state preserved. This would appear to be because the hostname > portion of the url does not "change". > > It is just something of a pain to use ports lower than 1024 on Linux for > development (have to be root). > > Thanks in advance for you help. > > David > > _________________________________________________________________ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp > > > -- > To unsubscribe: <mailto:[EMAIL PROTECTED]> > For additional commands: <mailto:[EMAIL PROTECTED]> > Troubles with the list: <mailto:[EMAIL PROTECTED]> > > > > -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
