Thanks for the clarification, Scott.
+James P.
--- Scott Ferguson <[EMAIL PROTECTED]> wrote:

> 
> On Jan 11, 2007, at 12:40 PM, James Picklesimer
> wrote:
> 
> > I have a developer who uses HTTP on a landing page
> > then switches to HTTPS (SSL) with a small amount of
> > data from the non-secure page.
> >
> > My opinion is this is a bad practice for security, but
> > frying that fish is not for this forum.
> >
> > 1) does resin 3.0.18 or for that matter any J2EE
> > container allow for switching sessions?
> 
> It's mostly a browser issue.
> 
> By default, the browser will send the same cookie
> from the non-secure  
> site to the secure site automatically.  (There's a
> http-only flag  
> that can change this behavior for some browsers,
> although I don't see  
> it in our schema.  I thought we'd added it.)
> 
> >
> > 2) does this cause a new session to be created?
> 
> It depends on how the virtual hosts are configured. 
> If there are  
> separate virtual hosts for SSL vs non-SSL, then
> there are separate  
> sessions.  If the same <host> handles both, it will
> use the old session.
> >
> > 3) how does resin handle this (if legal according to
> > J2EE)?
> 
> It's outside the scope of J2EE with the exception
> that J2EE requires  
> that separate <web-app> have separate session
> contexts.
> 
> > 4) should I look at java docs for J2EE containers?
> 
> If someone else has a better solution, we'd love to
> add it as an  
> enhancement request.
> 
> -- Scott
> 
> >
> > Thanks.
> > +JP



 
_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest
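
The cookie behaviour discussed in this thread, as an added example that is not part of the original messages: Python's `http.cookiejar` stands in for the browser and shows when a `JSESSIONID` cookie is attached to a request. The hostnames and session ids are constructed, and the third case uses the standard `Secure` cookie attribute.

```python
import urllib.request
from http.cookiejar import Cookie, CookieJar

def session_cookie(domain, value, secure):
    # Constructed host-only JSESSIONID cookie (no Domain attribute), path "/".
    return Cookie(version=0, name="JSESSIONID", value=value, port=None,
                  port_specified=False, domain=domain, domain_specified=False,
                  domain_initial_dot=False, path="/", path_specified=True,
                  secure=secure, expires=None, discard=True, comment=None,
                  comment_url=None, rest={})

def cookie_sent(jar, url):
    # Return the Cookie header the client would attach to a request for url,
    # or None if no stored cookie matches the request.
    req = urllib.request.Request(url)
    jar.add_cookie_header(req)
    return req.get_header("Cookie")

def scenarios():
    results = {}
    # Case 1: one host serves HTTP and HTTPS. The cookie set on the HTTP
    # landing page is sent unchanged to the HTTPS page: same session.
    jar = CookieJar()
    jar.set_cookie(session_cookie("www.example.com", "abc123", secure=False))
    results["same_host_http"] = cookie_sent(jar, "http://www.example.com/landing")
    results["same_host_https"] = cookie_sent(jar, "https://www.example.com/checkout")
    # Case 2: HTTPS lives on a separate virtual host. The host-only cookie
    # is not sent there, so the container starts a new session.
    results["other_host_https"] = cookie_sent(jar, "https://secure.example.com/checkout")
    # Case 3: a cookie issued with Secure is withheld from plain HTTP requests.
    jar = CookieJar()
    jar.set_cookie(session_cookie("www.example.com", "def456", secure=True))
    results["secure_over_http"] = cookie_sent(jar, "http://www.example.com/landing")
    results["secure_over_https"] = cookie_sent(jar, "https://www.example.com/checkout")
    return results

if __name__ == "__main__":
    for case, header in scenarios().items():
        print(f"{case:20} -> {header}")
```

In case 1 the session id has already crossed the network in cleartext before the HTTPS page reuses it, which is the risk the original question raises.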
