2005/12/6, Jim Reynolds <[EMAIL PROTECTED]>: > If I put a object into the request, and switched protocols, the > request object was no longer found? Since most struts work has
I see that when sslext switches from a protocol to another what is really happening is: a redirect is sent in the response to the user. So the client performs another request with the swapped protocol. So: 1-The client send a request with the first protocol 2-The server send a redirect to the client 3-The client sends a new request with the second protocol The original request is lost in 2, so if you put something in the request before 2, that may be lost as well. I said 'may' because, if I remeber well, sslext itself saves the request object in the session and when the new user request arrives restores the old request appending it as a query string on the new one. This is a behaviour not always good if you are coming out from a secure page (as may be the case when you perform a login) because I noticed that sometimes, exiting from a secure login session, you can see the username and password in the browser url. I resolve it with an addictional redirect (using a JSP forwarding to another, but there are many ways) to clean the request query string before leaving a secure channel. Even if sometimes the usage of sslext is a bit tricky, I think it works well for many things and I use it in my commercial applications. -- TREMALNAIK --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
