Re: HttpSession across virtual hosts

2001-02-08 Thread Kief Morris
David Oxley typed the following on 10:38 AM 2/8/2001 + I know that the HttpSession is only valid on the virtual host it was created on. This is more of a security question. We currently have our own session class that gets stored in an HttpSession 1:1 ratio. So we've coded a request that

RE: HttpSession across virtual hosts

2001-02-08 Thread Randy Layman
: Thursday, February 08, 2001 8:08 AM To: '[EMAIL PROTECTED]' Subject: RE: HttpSession across virtual hosts I sort-of understand what you're doing, but I'm not clear on a couple of details. What do you mean when you say you've "coded a request"? How exactly is the session ID passed from the ori

RE: HttpSession across virtual hosts

2001-02-08 Thread Alistair Hopkins
Layman [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 08, 2001 1:13 PM To: [EMAIL PROTECTED] Subject: RE: HttpSession across virtual hosts What I've seen done, which doesn't necessarily make it secure, is to send some form of CartID. This ID identifies the Cart in some shared back end

RE: HttpSession across virtual hosts

2001-02-08 Thread Kief Morris
David Oxley typed the following on 01:07 PM 2/8/2001 + I sort-of understand what you're doing, but I'm not clear on a couple of details. What do you mean when you say you've "coded a request"? How exactly is the session ID passed from the original host to the new host, is this by a form field

Re: HttpSession across virtual hosts

2001-02-08 Thread David Wall
What I've seen done, which doesn't necessarily make it secure, is to send some form of CartID. This ID identifies the Cart in some shared back end data store. Usually these are large numbers that contain enough information to determine if it's a possible real value, or a number someone made

RE: HttpSession across virtual hosts

2001-02-08 Thread David Oxley
:[EMAIL PROTECTED]] Sent: 08 February 2001 14:31 To: [EMAIL PROTECTED] Subject: RE: HttpSession across virtual hosts The http // https comparison doesn't work as cookies are sent or not depending on the host, not on the protocol. So if I have a valid session_id in a cookie in http, that will still