Currently, I have created a servlet which handles a multi-form transaction.
It is unnecessary that the information I receive from the user be
transmitted securely. After I have received all the user information, I want
to redirect the request to another servlet which will be https and handle
the credit card information. From the https servlet, I want to access the
user's original session object (all the user's information is stored there).
In order to do this, I use the following code:
public void doPost(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException
{
try { HttpSession session = req.getSession(true);
String id = req.getParameter("id");
HttpSessionContext context = session.getSessionContext();
session = context.getSession(id);
....
} catch {...}
}
Does the HttpSessionContext class have any security issues? Is there a
better way of passing the user's data to from the non-secure servlet to the
secure servlet?
- Jonathan
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
