Using URL rewriting when posting from the http session to the https session should also work ... right?
> -----Original Message-----
> From: A mailing list about Java Server Pages specification and reference
> [mailto:[EMAIL PROTECTED]]On Behalf Of Adrian Janssen
> Sent: Thursday, December 05, 2002 7:48 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Secure server
>
>
> Sessions are not shared across http / https boundaries. This is an artifact
> of the browser. It will deliberately not recognise http and https pages as
> being in the same "context" and will generate a new session id cookie as
> soon as the transition from http to https is made. This is for security
> reasons as whatever was done in http is vulnerable and therefore cannot be
> trusted by an https session.
>
> Either start your https session earlier - like as soon as the user starts
> filling the shopping cart - it's not that expensive, or explicitly post
> everything to the first page in the https session.
>
> > -----Original Message-----
> > From: Alireza Nahavandi [SMTP:[EMAIL PROTECTED]]
> > Sent: 04 December 2002 06:02
> > To: [EMAIL PROTECTED]
> > Subject: Secure server
> >
> > Hi everybody,
> >
> > I think there was a discussion about this problem before....
> >
> > I need some help with secure server.
> >
> > I have a session object for a shopping cart :
> >
> > <jsp:useBean id="cart" scope="session" class="shop.Cart" />
> >
> > For checking out I need to call programs from a path like :
> >
> > https://secure.shop.com/chk1.jsp
> >
> > In chk1.jsp still I have the definition of cart like before :
> >
> > <jsp:useBean id="cart" scope="session" class="shop.Cart" />
> >
> > But the session is empty.
> >
> > Has anybody faced this problem before? Any solution?
> >
> > Thank you in advance.
> >
> > ===========================================================================
> > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
> > For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
> > Some relevant FAQs on JSP/Servlets can be found at:
> >
> > http://archives.java.sun.com/jsp-interest.html
> > http://java.sun.com/products/jsp/faq.html
> > http://www.esperanto.org.nz/jsp/jspfaq.jsp
> > http://www.jguru.com/faq/index.jsp
> > http://www.jspinsider.com
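
The second option in the quoted reply, posting the cart explicitly to the first page of the https session, sketched as an added example that is not code from the thread: the receiving servlet treats everything posted from the http side as untrusted and rebuilds the cart from server-side data. The class name, the `sku`/`qty` parameter names, the `checkoutLines` attribute and the catalogue contents are assumptions, and a plain `Map` stands in for `shop.Cart`, whose API the thread does not show.

```java
import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical entry point of the https side; the cart form on the http side posts here.
public class CheckoutEntryServlet extends HttpServlet {
    // Constructed sample catalogue (SKU -> price in cents). Prices are never read from the form.
    private static final Map<String, Integer> CATALOGUE = new LinkedHashMap<>();
    static {
        CATALOGUE.put("SKU-1001", 1999);
        CATALOGUE.put("SKU-1002", 4500);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // Refuse the hand-over unless it arrived over TLS.
        if (!req.isSecure()) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "HTTPS required");
            return;
        }
        String[] skus = req.getParameterValues("sku");
        String[] qtys = req.getParameterValues("qty");
        if (skus == null || qtys == null || skus.length != qtys.length) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Malformed cart");
            return;
        }
        // Rebuild the cart line by line; only known SKUs and sane quantities survive.
        Map<String, Integer> lines = new LinkedHashMap<>();
        for (int i = 0; i < skus.length; i++) {
            int qty;
            try {
                qty = Integer.parseInt(qtys[i]);
            } catch (NumberFormatException e) {
                qty = -1;
            }
            if (!CATALOGUE.containsKey(skus[i]) || lines.containsKey(skus[i]) || qty < 1 || qty > 99) {
                resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid cart line");
                return;
            }
            lines.put(skus[i], qty);
        }
        // New session on the https host; nothing is inherited from the http session.
        HttpSession session = req.getSession(true);
        session.setAttribute("checkoutLines", lines);
        resp.sendRedirect("chk1.jsp"); // chk1.jsp would fill its shop.Cart from checkoutLines
    }
}
```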