> 1. This means that a session can be shared between resources accessed via HTTP
> and resources accessed via HTTPS. Correct?
Not to my knowlege. Sessions should be unique withing a host/port, and
HTTP/HTTPS are different ports.
> 2. If the web servers are clustered for load-balancing and fail-over, the
> session state will have to be replicated, shared or made persistent. Will this
> be done for SSL sessions as well?
The session itself is the same whether you use SSL, cookies or URIs. The
SSL part of the session, I'm not sure if it can be moved from one
machine to another. I think it an SSL session has to be bound to a
single machine.
However, generally you will have two sessions, a temporary one (the SSL
session) and a permanent one (using cookies/forms). The temporary one
only lasts until the client disconnects or server dies. The pemanent one
is persisted and brough up when the user re-connects to any given
machine
arkin
>
> >
> > /Magnus Stenman, the Orion team
> > http://www.orionserver.com
>
> --
> Jean-Baptiste Nizet
> [EMAIL PROTECTED]
>
> R&D Engineer, S1 Belgium
> Excelsiorlaan 87
> B-1930 Zaventem
> +32 2 714 45 42
>
> ===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff EJB-INTEREST". For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".
--
----------------------------------------------------------------------
Assaf Arkin www.exoffice.com
CTO, Exoffice Technologies, Inc. www.exolab.org
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
