Hi guys,
Using a hash table seems to be working. Thank you very much for your answers. There
is another problem here:
Suppose that I have a shopping cart as a session object:
<jsp:useBean id="cart" scope="session" class="shop.Cart" />
This line is at the top of the related JSP files.
While I am working on a non-secure server everything is fine. I can add to
this session and get it in other JSPs.
But on the secure server, when I populate the object with the hash table content,
other JSPs cannot see the content. This is how
I do this. Am I missing anything?
Thank you in advance.
....
    private Hashtable carts = new Hashtable();
....
    // adding shopping cart to hash table
    public void addCartToHashTable(Cart cart, String key) {
        this.carts.put(key, cart);
    }
.....
    // retrieving shopping cart from hash table
    public Cart rtrvCart(Cart cart, String key) {
        cart = (Cart)this.carts.get(key);
        return cart;
    }
-----Original Message-----
From: A mailing list about Java Server Pages specification and reference
[mailto:[EMAIL PROTECTED]]On Behalf Of Mattias Jiderhamn
Sent: Thursday, December 05, 2002 10:27 AM
To: [EMAIL PROTECTED]
Subject: Re: Secure server
Read the docs of your container about sessions. Resin can store session
information on disk and in a database, maybe that could be a workaround for
transferring session from HTTP -> HTTPS?
Another idea (apart from Adrian's) would be to put all the data you need to
transfer in some structure (hashtable) in the application scope, and include
a unique key in the secure shopping form, so the new HTTPS session will
retrieve the old data from the application scope. You have to be very
careful about security though.
> -----Original Message-----
> From: A mailing list about Java Server Pages specification and reference
> [mailto:[EMAIL PROTECTED]]On Behalf Of Alireza Nahavandi
> Sent: Thursday, December 05, 2002 2:47 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Secure server
>
>
> Hi guys,
>
> Thank you for your responses. I tested URL rewriting. It did not work. Any
> other solution?
>
> Thank you again.
>
> -----Original Message-----
> From: A mailing list about Java Server Pages specification and reference
> [mailto:[EMAIL PROTECTED]]On Behalf Of Adrian Janssen
> Sent: Thursday, December 05, 2002 2:59 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Secure server
>
>
> Yeah, good idea - would certainly solve the browser side issue. Does Tomcat
> (or any other servlet container) preserve sessions across http / https?
>
> > -----Original Message-----
> > From: Mattias Jiderhamn [SMTP:[EMAIL PROTECTED]]
> > Sent: 05 December 2002 09:54
> > To: [EMAIL PROTECTED]
> > Subject: Re: Secure server
> >
> > Using URL rewriting when posting from the http session to the https session
> > should also work ... right?
> >
> > > -----Original Message-----
> > > From: A mailing list about Java Server Pages specification and reference
> > > [mailto:[EMAIL PROTECTED]]On Behalf Of Adrian Janssen
> > > Sent: Thursday, December 05, 2002 7:48 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: Secure server
> > >
> > >
> > > Sessions are not shared across http / https boundaries. This is an artifact
> > > of the browser. It will deliberately not recognise http and https pages as
> > > being in the same "context" and will generate a new session id cookie as
> > > soon as the transition from http to https is made. This is for security
> > > reasons as whatever was done in http is vulnerable and therefore cannot be
> > > trusted by an https session.
> > >
> > > Either start your https session earlier - like as soon as the user starts
> > > filling the shopping cart - it's not that expensive, or explicitly post
> > > everything to the first page in the https session.
> > > > -----Original Message-----
> > > > From: Alireza Nahavandi [SMTP:[EMAIL PROTECTED]]
> > > > Sent: 04 December 2002 06:02
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Secure server
> > > >
> > > > Hi everybody,
> > > > I think there was a discussion about this problem before....
> > > > I need some help with secure server.
> > > > I have a session object for a shopping cart :
> > > > > <jsp:useBean id="cart" scope="session" class="shop.Cart" />
> > > > > For checking out I need to call programs from a path like :
> > > > > https://secure.shop.com/chk1.jsp
> > > > > In chk1.jsp still I have the definition of cart like before :
> > > > > <jsp:useBean id="cart" scope="session" class="shop.Cart" />
> > > > > But the session is empty.
> > > > > Has anybody faced this problem before? Any solution?
> > > > Thank you in advance.