Thanks for the info. I was afraid it would take something like that. I
seems to me that not being able share session/application data between
http and https is a major weakness of the current implementations. I
think that most serious web apps need to operate in both secure and
insecure modes. It would be great if WebLogic could make this a
configurable choice.
Carles
Alexander Petrushko wrote:
>
> Carles,
>
> If you use Servlet 2.0-compliant container (WebLogic 3.1.x), you can do this by
>passing the
> session ID encoded as a parameter in your request from http to https and vice versa.
>The
> session can be had by ID via HttpSessionContext's getSession(String id) method.
>Warning:
> 3.1.x has bugs when it comes to rewriting URLs with session IDs but you'll have to
>do it
> manually anyway since no rewriting should occur across contexts.
>
> If you use Servlet 2.1 or later-compliant container (WebLogic 4.5 implements 2.1),
>you'll have
> to persist your session and then pass a key that uniquely identifies this newly
>created 'record'.
> You can do it in a container-independent fashion by using your domain model (your own
> schema and method of persistence; can be done in memory) or use your knowledge of
> WebLogic to construct a solution particular to its behaviour vis a vis HTTP sessions
>and their
> persistence, if any.
>
> Good luck,
>
> Alex
> mailto:[EMAIL PROTECTED]
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
FAQs on JSP can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
