You're right, by default if SSL is enabled Orion uses the SSL session to maintain your servlet session. For some reason, IE likes to renew the SSL connection every 2 or 3 minutes (I'm forgot the exact time), even if the user is continually browsing the same site. When this happens, Orion loses track of the session. Setting the shared flag to true forces Orion to use cookies or URL rewriting to maintain the session, which ought to solve the problem.
Andre -----Original Message----- From: Jon Iles [mailto:[EMAIL PROTECTED]] Sent: Monday, March 11, 2002 9:04 AM To: Orion-Interest Subject: RE: Random hiccups with Orion+https Hi, We were experiencing the same problem, adding shared="true" to the web-app tag in your web-site.xml file solves the problem. There appears to be an issue with browsers (IE?) tracking and maintaining SSL sessions correctly. I've no doubt someone better informed than me can fill in the details! Cheers, Jon > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Peter Peltonen > Sent: 11 March 2002 10:17 > To: Orion-Interest > Subject: Random hiccups with Orion+https > > > > Orion 1.4.7 + https (a test ssl cert from Thawte installed following the > instructions at Atlassian site) is causing problems: You get > thrown out of > the applicaton now and then (randomly it seems). Without https the > application works fine. > > Is Orion's https code buggy (should we use Apache as frontend > instead), is > there some known problems with some specific browsers etc or what is > going on? > > Regards, > Peter > > > >
