RE: HttpSession across virtual hosts

2001-02-08 Thread Randy Layman
I didn't say I did it, and I didn't say it was a good idea, but I said I had seen it done. Randy -Original Message- From: David Wall [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 08, 2001 12:01 PM To: [EMAIL PROTECTED] Subject: Re: HttpSession across vir

RE: HttpSession across virtual hosts

2001-02-08 Thread David Oxley
ailto:[EMAIL PROTECTED]] Sent: 08 February 2001 14:31 To: [EMAIL PROTECTED] Subject: RE: HttpSession across virtual hosts The http // https comparison doesn't work as cookies are sent or not depending on the host, not on the protocol. So if I have a valid session_id in a cookie in http, that wil

Re: HttpSession across virtual hosts

2001-02-08 Thread David Wall
> What I've seen done, which doesn't necessarily make it secure, it to > send some form of CartID. This ID identifies the Cart in some shared back > end data store. Usually these are large numbers that contain enough > information to determine if its a possible real value, or a number someone >

RE: HttpSession across virtual hosts

2001-02-08 Thread Kief Morris
David Oxley typed the following on 01:07 PM 2/8/2001 + >>I sort-of understand what you're doing, but I'm not clear on a couple of >details. >>What do you mean when you say you've "coded a request"? How exactly is >>the session ID passed from the original host to the new host, is this by a >>fo

RE: HttpSession across virtual hosts

2001-02-08 Thread Alistair Hopkins
Randy Layman [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 08, 2001 1:13 PM To: [EMAIL PROTECTED] Subject: RE: HttpSession across virtual hosts What I've seen done, which doesn't necessarily make it secure, it to send some form of CartID. This ID identifies the Cart in some

RE: HttpSession across virtual hosts

2001-02-08 Thread Randy Layman
ROTECTED]] Sent: Thursday, February 08, 2001 8:08 AM To: '[EMAIL PROTECTED]' Subject: RE: HttpSession across virtual hosts >I sort-of understand what you're doing, but I'm not clear on a couple of details. >What do you mean when you say you've "coded a request"?

RE: HttpSession across virtual hosts

2001-02-08 Thread David Oxley
>I sort-of understand what you're doing, but I'm not clear on a couple of details. >What do you mean when you say you've "coded a request"? How exactly is >the session ID passed from the original host to the new host, is this by a >form field embedded into the HTML, or is it all on the server side

Re: HttpSession across virtual hosts

2001-02-08 Thread Kief Morris
David Oxley typed the following on 10:38 AM 2/8/2001 + >I know that the HttpSession is only valid on the virtual host it was created >on. This is more of a security question. We currently have our own session >class that gets stored in an HttpSession 1:1 ratio. So we've coded a request >that a