Jean-Baptiste Nizet wrote:
>
> Assaf Arkin wrote:
>
> > > 1. This means that a session can be shared between resources accessed via HTTP
> > > and resources accessed via HTTPS. Correct?
> >
> > Not to my knowlege. Sessions should be unique withing a host/port, and
> > HTTP/HTTPS are different ports.
> >
>
> Sorry, typo : I meant "can't be shared"
I got a clarification and actually sessions can, in theory, be shared
between HTTP and HTTPS if you use some server dependent mechanism to
move them around (e.g. URL session IDs). But don't expect Servlet
engines to easily support that.
arkin
>
> >
> > > 2. If the web servers are clustered for load-balancing and fail-over, the
> > > session state will have to be replicated, shared or made persistent. Will this
> > > be done for SSL sessions as well?
> >
> > The session itself is the same whether you use SSL, cookies or URIs. The
> > SSL part of the session, I'm not sure if it can be moved from one
> > machine to another. I think it an SSL session has to be bound to a
> > single machine.
> >
> > However, generally you will have two sessions, a temporary one (the SSL
> > session) and a permanent one (using cookies/forms). The temporary one
> > only lasts until the client disconnects or server dies. The pemanent one
> > is persisted and brough up when the user re-connects to any given
> > machine
> >
> > arkin
> >
> > >
> > > >
> > > > /Magnus Stenman, the Orion team
> > > > http://www.orionserver.com
> > >
> > > --
> > > Jean-Baptiste Nizet
> > > [EMAIL PROTECTED]
> > >
> > > R&D Engineer, S1 Belgium
> > > Excelsiorlaan 87
> > > B-1930 Zaventem
> > > +32 2 714 45 42
> > >
> > > ===========================================================================
> > > To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> > > of the message "signoff EJB-INTEREST". For general help, send email to
> > > [EMAIL PROTECTED] and include in the body of the message "help".
> >
> > --
> > ----------------------------------------------------------------------
> > Assaf Arkin www.exoffice.com
> > CTO, Exoffice Technologies, Inc. www.exolab.org
> >
> > ===========================================================================
> > To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> > of the message "signoff EJB-INTEREST". For general help, send email to
> > [EMAIL PROTECTED] and include in the body of the message "help".
>
> --
> Jean-Baptiste Nizet
> [EMAIL PROTECTED]
>
> R&D Engineer, S1 Belgium
> Excelsiorlaan 87
> B-1930 Zaventem
> +32 2 714 45 42
>
> ===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff EJB-INTEREST". For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
