Sessions are not shared across http / https boundaries. This is an artifact
of the browser. It will deliberately not recognise http and https pages as
being in the same "context" and will generate a new session id cookie as
soon as the transition from http to https is made. This is for security
reasons as whatever was done in http is vulnerable and therefore cannot be
trusted by an https session.

Either start your https session earlier - like as soon as the user starts
filling the shopping cart - it's not that expensive, or explicitly post
everything to the first page in the https session.

> -----Original Message-----
> From: Alireza Nahavandi [SMTP:[EMAIL PROTECTED]]
> Sent: 04 December 2002 06:02
> To:   [EMAIL PROTECTED]
> Subject:      Secure server
>
> Hi everybody,
>
> I think there was a discussion about this problem before....
>
> I need some help with secure server.
>
> I have a session object for a shopping cart  :
>
>   <jsp:useBean id="cart" scope="session" class="shop.Cart" />
>
> For checking out I need to call programs from a path like :
>
>    https://secure.shop.com/chk1.jsp
>
> In chk1.jsp still I have the definition of cart like before :
>
>   <jsp:useBean id="cart" scope="session" class="shop.Cart" />
>
> But the session is empty.
>
> Has anybody faced this problem before. Any solution?
>
> Thank you in advance.
>
> ==========================================================================
> =
> To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> JSP-INTEREST".
> For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST
> DIGEST".
> Some relevant FAQs on JSP/Servlets can be found at:
>
>  http://archives.java.sun.com/jsp-interest.html
>  http://java.sun.com/products/jsp/faq.html
>  http://www.esperanto.org.nz/jsp/jspfaq.jsp
>  http://www.jguru.com/faq/index.jsp
>  http://www.jspinsider.com
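The second option in the reply above (explicitly posting the cart to the first HTTPS page) could look like the following on the receiving side. This is an added example, not code from the thread: the `qty_<SKU>` field convention, the `PostedCart` class and the sample catalogue are assumptions, and a plain map stands in for `shop.Cart`, whose API the thread does not show.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

/** Rebuilds a cart on the HTTPS side from explicitly posted form fields. */
public class PostedCart {
    // Assumed field convention: one parameter per line item, "qty_<SKU>=<n>".
    private static final String PREFIX = "qty_";
    private static final Pattern SKU = Pattern.compile("[A-Z0-9]{3,12}");
    private static final Pattern QTY = Pattern.compile("[1-9][0-9]?");  // 1..99
    // Server-side price list in cents (constructed sample data).
    static final Map<String, Integer> CATALOGUE = Map.of("BOOK001", 1500, "PEN042", 250);

    /** params has the shape returned by HttpServletRequest.getParameterMap(). */
    static Map<String, Integer> parse(Map<String, String[]> params) {
        Map<String, Integer> cart = new LinkedHashMap<>();
        for (Map.Entry<String, String[]> e : params.entrySet()) {
            if (!e.getKey().startsWith(PREFIX)) continue;  // any other field is ignored
            String sku = e.getKey().substring(PREFIX.length());
            String[] v = e.getValue();
            if (!SKU.matcher(sku).matches() || !CATALOGUE.containsKey(sku)
                    || v == null || v.length != 1 || v[0] == null
                    || !QTY.matcher(v[0]).matches()) {
                throw new IllegalArgumentException("rejected cart field");
            }
            cart.put(sku, Integer.parseInt(v[0]));
        }
        return cart;
    }

    /** The total comes from the server's catalogue, never from the request. */
    static int totalCents(Map<String, Integer> cart) {
        int total = 0;
        for (Map.Entry<String, Integer> e : cart.entrySet()) {
            total += CATALOGUE.get(e.getKey()) * e.getValue();
        }
        return total;
    }

    public static void main(String[] args) {
        Map<String, String[]> posted = new LinkedHashMap<>();  // constructed sample request
        posted.put("qty_BOOK001", new String[] {"2"});
        posted.put("qty_PEN042", new String[] {"3"});
        posted.put("price_BOOK001", new String[] {"1"});       // tampered field, ignored
        Map<String, Integer> cart = parse(posted);
        System.out.println(cart + " total=" + totalCents(cart));
    }
}
```

In a servlet or JSP the HTTPS page would call `parse(request.getParameterMap())` and store the result in its own session, so only item identifiers and quantities cross from the http side and both are re-validated.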
