We are using JSP and are encountering a problem, which shows up only while using the Netscape browser (with IE it works fine):
In a secure (HTTPS) page, we create a Session. Then, we redirect (using sendRedirect()) to a non-secure (HTTP) page. When we try to get the Session in the non-secure page, we get null.
The session will be tracked through a cookie and netscape considers
that the jump between SSL and non-SSL means that the cookie
shouldn't follow. It's a security violation that MSIE doesn't seem to
bothered about.
Way around it, try wrapping the URL use encodeRedirectUrl from the
HttpServletResponse object. Not sure how to force it put the session tracking
data into the URL, as this is server specific (or so I've read) ...
For the record, we use IBM WebSphere and IIS.
Thanks.
--
Subvert the dominant paradigm
http://www.cyber4.org/members/grumpy/index.html
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
