Hi Karl,

 Thank you for the feedback. I added shared="true" to my <web-app../>, it is
working ... except one thing: I cannot detect if my request is secure.
It seems that the request.isSecure() method is always returning false
regardless of whether the request is secure or not.

        Any suggestion ?
        Peter

Karl Avedal wrote:
> 
> Hello Peter,
> 
> Actually, another user experienced the same thing this week, so we are already
> looking into it.
> 
> I'll forward the reply that user received:
> 
> --- Forwarded -------
> Hi, we are still tracking down what you're experiencing but so far it seems
> like a JSSE issue. It seems to have a problem with maintaining (SSL)
> sessions to IE (IE is the only platform we could reproduce it on, have you
> experienced it in NS or any other browser?). We're about to ask the JSSE
> team if it's a known issue. In the meantime you can revert to ID (ie cookie
> or rewrite) based session tracking (instead of SSL-session) by adding
> shared="true" to your <web-app ../> node in web-site.xml. ie:
> <web-app application="myapp" name="myapp-web" shared="true" />.
> 
> This has an impact on security of course so it depends on which level of
> security you need to maintain. We hope to get this resolved fairly quickly,
> either by some clarification by the Sun JSSE team or by trying out other
> JSSE implementations.
> ---
> 
> Since then we have been talking to the JSSE team to clear this up.
> 
> We will get back when we have a conclusive answer on the matter.
> 
> Regards,
> Karl Avedal
> 
> Peter wrote:
> 
> >  Hi there,
> >
> >         I am developing an e-commerce application. Some of the storefront pages
> > such as checkout, order status etc. must be secured. So I configured two
> > web-sites in config.xml: default-web-site(localhost:80) and
> > secure-web-site(localhost:439).
> > Now I must jump from shoppingcart.jsp ( unsecure page) to checkout.jsp
> > ( secure page ). The problem is: the session ( and all the data ) is
> > lost ! I tried to encode the session id in the url, but I guess the
> > session isn't shared by different web-sites... am I wrong ?
> >
> >         Any idea or solution ?
> >         Peter
