RE: session drop from https to http
Hi, Please note that the problem I describe only happen in the first time the HTTP and HTTPS combination is performed. For example if I use http and then https and then http the session stays the same. But if I start with https and then http then the session drops and a new session is allocated and then if I move to https and the http every thing is then fine. Any ideas how to resolve this problem? Thanks Amir -Original Message- From: josemanuel lopez [mailto:[EMAIL PROTECTED] Sent: Monday, August 28, 2006 1:00 AM To: Tomcat Users List Subject: Re: session drop from https to http Hi The reazon is because the seesion is created with info from the call: example: IP address, Port Etc, and Tomcat has to create a new session because the info is different, I'm being trying to find a solution for this problem, but still I'm working on that. I'll keep you posted...or if you find a solution please forward that to me Thanks --- Amir S [EMAIL PROTECTED] wrote: Hi All, I have a Jakarta 5.0.28. When entering the tomcat first https://127.0.0.1/a.jsp and then http://127.0.0.1/b.jsp The sessionID changes?! In the revise (http://127.0.0.1/b.jsp and then https://127.0.0.1/a.jsp) order it does not, why is that?! How can I fix it? Please note that the different is in the HTTPS and HTTP order. Regards, Amir S - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session drop from https to http
On 8/28/06, Amir S [EMAIL PROTECTED] wrote: Hi, Please note that the problem I describe only happen in the first time the HTTP and HTTPS combination is performed. For example if I use http and then https and then http the session stays the same. But if I start with https and then http then the session drops and a new session is allocated and then if I move to https and the http every thing is then fine. Any ideas how to resolve this problem? Don't drop to http. -Original Message- From: josemanuel lopez [mailto:[EMAIL PROTECTED] Sent: Monday, August 28, 2006 1:00 AM To: Tomcat Users List Subject: Re: session drop from https to http Hi The reazon is because the seesion is created with info from the call: example: IP address, Port Etc, and Tomcat has to create a new session because the info is different, I'm being trying to find a solution for this problem, but still I'm working on that. I'll keep you posted...or if you find a solution please forward that to me Thanks --- Amir S [EMAIL PROTECTED] wrote: Hi All, I have a Jakarta 5.0.28. When entering the tomcat first https://127.0.0.1/a.jsp and then http://127.0.0.1/b.jsp The sessionID changes?! In the revise (http://127.0.0.1/b.jsp and then https://127.0.0.1/a.jsp) order it does not, why is that?! How can I fix it? Please note that the different is in the HTTPS and HTTP order. Regards, Amir S - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- -=-=-=-=-=-=-=-=-=-=-=-=- Andrés González. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session drop from https to http
What is the reason to mix http and https? Why don't you serve all your pages with https? I think the performance argument is not relevant anymore... On 8/28/06, Duong BaTien [EMAIL PROTECTED] wrote: Greetings: I have the same problem and look for any suggested solution. In my case, any user coming to the site has a session tag with username such as Guest-xxx. The user is dynamically directed to secure (https) and non-secure (http) section depending on the requested resources. Currently, a user needs to signOn twice with the same username before the identified session is sticked. Thanks. On Mon, 2006-08-28 at 13:20 +0200, Amir S wrote: Hi, Please note that the problem I describe only happen in the first time the HTTP and HTTPS combination is performed. For example if I use http and then https and then http the session stays the same. But if I start with https and then http then the session drops and a new session is allocated and then if I move to https and the http every thing is then fine. Any ideas how to resolve this problem? Thanks Amir -Original Message- From: josemanuel lopez [mailto:[EMAIL PROTECTED] Sent: Monday, August 28, 2006 1:00 AM To: Tomcat Users List Subject: Re: session drop from https to http Hi The reazon is because the seesion is created with info from the call: example: IP address, Port Etc, and Tomcat has to create a new session because the info is different, I'm being trying to find a solution for this problem, but still I'm working on that. I'll keep you posted...or if you find a solution please forward that to me Thanks --- Amir S [EMAIL PROTECTED] wrote: Hi All, I have a Jakarta 5.0.28. When entering the tomcat first https://127.0.0.1/a.jsp and then http://127.0.0.1/b.jsp The sessionID changes?! In the revise (http://127.0.0.1/b.jsp and then https://127.0.0.1/a.jsp) order it does not, why is that?! How can I fix it? Please note that the different is in the HTTPS and HTTP order. Regards, Amir S - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- -=-=-=-=-=-=-=-=-=-=-=-=- Andrés González. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
session drop from https to http
Hi All, I have a Jakarta 5.0.28. When entering the tomcat first https://127.0.0.1/a.jsp and then http://127.0.0.1/b.jsp The sessionID changes?! In the revise (http://127.0.0.1/b.jsp and then https://127.0.0.1/a.jsp) order it does not, why is that?! How can I fix it? Please note that the different is in the HTTPS and HTTP order. Regards, Amir S - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session drop from https to http
Hmm...kind of makes sense doesn't it? I mean there are a lot of apps that use the sessionID as a key of sorts for access or cookie management so its ok to go from a http to https connections with the same session ID because extra security is involved but not ok to go from https to http connection with the same sessionID cause tis insecure. I'm sure someone on the list can tell you how to actually make it happen the way you want but this is just my 2 cts. On 8/27/06, Amir S [EMAIL PROTECTED] wrote: Hi All, I have a Jakarta 5.0.28. When entering the tomcat first https://127.0.0.1/a.jsp and then http://127.0.0.1/b.jsp The sessionID changes?! In the revise (http://127.0.0.1/b.jsp and then https://127.0.0.1/a.jsp) order it does not, why is that?! How can I fix it? Please note that the different is in the HTTPS and HTTP order. Regards, Amir S - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session drop from https to http
Hi The reazon is because the seesion is created with info from the call: example: IP address, Port Etc, and Tomcat has to create a new session because the info is different, I'm being trying to find a solution for this problem, but still I'm working on that. I'll keep you posted...or if you find a solution please forward that to me Thanks --- Amir S [EMAIL PROTECTED] wrote: Hi All, I have a Jakarta 5.0.28. When entering the tomcat first https://127.0.0.1/a.jsp and then http://127.0.0.1/b.jsp The sessionID changes?! In the revise (http://127.0.0.1/b.jsp and then https://127.0.0.1/a.jsp) order it does not, why is that?! How can I fix it? Please note that the different is in the HTTPS and HTTP order. Regards, Amir S - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session drop from https to http
josemanuel lopez wrote: Hi The reazon is because the seesion is created with info from the call: example: IP address, Port Etc, and Tomcat has to create a new session because the info is different, I'm being trying to find a solution for this problem, but still I'm working on that. I'll keep you posted...or if you find a solution please forward that to me This is not the case. The reason is that any session created via https will not transfer to http to protect the security of the session. This is why sessions can transfer from http to https. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session drop from https to http
Hi Mark, I have a session started with http for login I called hppts and the session is different th einfo created under http can not be retrived by the second session created by htts, any idea how can I get info from one session to another or better that how to share info from sessions. Thanks --- Mark Thomas [EMAIL PROTECTED] wrote: josemanuel lopez wrote: Hi The reazon is because the seesion is created with info from the call: example: IP address, Port Etc, and Tomcat has to create a new session because the info is different, I'm being trying to find a solution for this problem, but still I'm working on that. I'll keep you posted...or if you find a solution please forward that to me This is not the case. The reason is that any session created via https will not transfer to http to protect the security of the session. This is why sessions can transfer from http to https. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session drop from https to http
josemanuel lopez wrote: Hi Mark, I have a session started with http for login I called hppts and the session is different th einfo created under http can not be retrived by the second session created by htts, any idea how can I get info from one session to another or better that how to share info from sessions. The simple solution is do everything under https. For other solutions, search the archives. This comes up fairly regularly. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]