Re: form-based authentication

Jean-Baptiste Nizet Fri, 3 Mar 2000 11:43:56 -0800
Assaf Arkin wrote:

> > 1. This means that a session can be shared between resources accessed via HTTP
> > and resources accessed via HTTPS. Correct?
>
> Not to my knowlege. Sessions should be unique withing a host/port, and
> HTTP/HTTPS are different ports.
>

Sorry, typo : I meant "can't be shared"

>
> > 2. If the web servers are clustered for load-balancing and fail-over, the
> > session state will have to be replicated, shared or made persistent. Will this
> > be done for SSL sessions as well?
>
> The session itself is the same whether you use SSL, cookies or URIs. The
> SSL part of the session, I'm not sure if it can be moved from one
> machine to another. I think it an SSL session has to be bound to a
> single machine.
>
> However, generally you will have two sessions, a temporary one (the SSL
> session) and a permanent one (using cookies/forms). The temporary one
> only lasts until the client disconnects or server dies. The pemanent one
> is persisted and brough up when the user re-connects to any given
> machine
>
> arkin
>
> >
> > >
> > > /Magnus Stenman, the Orion team
> > > http://www.orionserver.com
> >
> > --
> > Jean-Baptiste Nizet
> > [EMAIL PROTECTED]
> >
> > R&D Engineer, S1 Belgium
> > Excelsiorlaan 87
> > B-1930 Zaventem
> > +32 2 714 45 42
> >
> > ===========================================================================
> > To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> > of the message "signoff EJB-INTEREST".  For general help, send email to
> > [EMAIL PROTECTED] and include in the body of the message "help".
>
> --
> ----------------------------------------------------------------------
> Assaf Arkin                                           www.exoffice.com
> CTO, Exoffice Technologies, Inc.                        www.exolab.org
>
> ===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff EJB-INTEREST".  For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".

--
Jean-Baptiste Nizet
[EMAIL PROTECTED]

R&D Engineer, S1 Belgium
Excelsiorlaan 87
B-1930 Zaventem
+32 2 714 45 42

===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST".  For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
Re: form-based authentication

Reply via email to
