I have a developer who uses HTTP on a landing page
then switches to HTTPS (SSL) with a small amount of
data from the non-secure page.

My opinion is this is a bad practice for security, but
frying that fish is not for this forum. 

1) does resin 3.0.18 or for that matter any J2EE
container allow for switching sessions?

2) does this cause a new session to be created? 

3) how does resin handle this (if legal according to
J2EE)?

4) should I look at java docs for J2EE containers?

Thanks.
+JP


 
____________________________________________________________________________________
Need a quick answer? Get one in minutes from people who know.
Ask your question on www.Answers.yahoo.com

_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest

Reply via email to