I didn't say I did it, and I didn't say it was a good idea, but I
said I had seen it done.
Randy
-----Original Message-----
From: David Wall [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 08, 2001 12:01 PM
To: [EMAIL PROTECTED]
Subject: Re: HttpSession across vir
ailto:[EMAIL PROTECTED]]
Sent: 08 February 2001 14:31
To: [EMAIL PROTECTED]
Subject: RE: HttpSession across virtual hosts
The http // https comparison doesn't work as cookies are sent or not
depending on the host, not on the protocol.
So if I have a valid session_id in a cookie in http, that wil
> What I've seen done, which doesn't necessarily make it secure, is to
> send some form of CartID. This ID identifies the Cart in some shared back
> end data store. Usually these are large numbers that contain enough
> information to determine if it's a possible real value, or a number someone
>
David Oxley typed the following on 01:07 PM 2/8/2001 +
>>I sort-of understand what you're doing, but I'm not clear on a couple of
>>details.
>>What do you mean when you say you've "coded a request"? How exactly is
>>the session ID passed from the original host to the new host, is this by a
>>fo
Randy Layman [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 08, 2001 1:13 PM
To: [EMAIL PROTECTED]
Subject: RE: HttpSession across virtual hosts
What I've seen done, which doesn't necessarily make it secure, is to
send some form of CartID. This ID identifies the Cart in some
ROTECTED]]
Sent: Thursday, February 08, 2001 8:08 AM
To: '[EMAIL PROTECTED]'
Subject: RE: HttpSession across virtual hosts
>I sort-of understand what you're doing, but I'm not clear on a couple of
>details.
>What do you mean when you say you've "coded a request"?
>I sort-of understand what you're doing, but I'm not clear on a couple of
>details.
>What do you mean when you say you've "coded a request"? How exactly is
>the session ID passed from the original host to the new host, is this by a
>form field embedded into the HTML, or is it all on the server side
David Oxley typed the following on 10:38 AM 2/8/2001 +
>I know that the HttpSession is only valid on the virtual host it was created
>on. This is more of a security question. We currently have our own session
>class that gets stored in an HttpSession 1:1 ratio. So we've coded a request
>that a