>From my perspective you should have a secure login.
if your login is passed from a non-secure area to a
secure area there's not really that much purpose in
providing the security in the first place. I would
finger that one as good dev tools (trying to stop you
from doing something you shouldn't). As for a
"domain" type session that is another matter. perhaps
a new feature. But I'd certainly hate to log into an
insecure domain and use that as my secure area login.
--- Charles Forsythe <[EMAIL PROTECTED]> wrote:
> Andy Nuss" <[EMAIL PROTECTED]> wrote:
> > > It seems like each webapp is a separate servlet
> context, which means
> > > that there is no way to share session info among
> different components
> > > of the site, if they are segmented as Webapps.
>
> Steve Quail wrote:
> >
> > Two words:
> > cookie
> > database
>
> Also don't forget an understanding of cookie
> domains. I had a "problem"
> when a session started on web.netvoice.net tried to
> move to
> secure.netvoice.net (these share the same Servlet
> container). Problem?
> I needed to change the Session cookie domain to
> ".netvoice.net".
>
> Third word: domain.
>
> -- Charles
__________________________________________________
Do You Yahoo!?
Yahoo! Shopping - Thousands of Stores. Millions of Products.
http://shopping.yahoo.com/
