Hi there,
I am trying to setup an application to be accessed both by HTTP and
HTTPS, so i configured
two applications with common root ( /webs in my case ). I added
shared="true" to <web-app.../>
to force both applications share their sessions.
There are two page types: secured and unsecured. I want to redirect the
user transparently
to the secured version if he is trying to access a secured page using
HTTP, like this:
[ .. sec.jsp .. ]
if(!request.isSecure())
{
response.sendRedirect("https://localhost:439/webs/sec.jsp");
}
It is also possible to switch to HTTP is a unsecured page is accessed
through HTTPS:
[ .. unsec.jsp .. ]
if(request.isSecure())
{
response.sendRedirect("http://localhost:8080/webs/unsec.jsp");
}
It seems that request.isSecure() method is always returning false
regardless
the request is secure or not. I think it is a bug. I could use
request.getServerPort()
to detect on which port the page was requested, but this is not so
general.
How good this approach is ?
And one more question: I have a problem with Netscape. Cookies ( used
to maintain session)
accepted from unsecured site version ( localhost:8080 ), are not sent to
secured site version
( localhost:439 ) . How can I force Netscape to use same cookes for both
of them ? If I disable
cookies and use url rewriting all is working fine ( but this is not a
solution ). ( With IE I haven't
this problem )
Any suggestion ?
Peter
