You are going from http-->https and wish to retain the session in the transition.
With IE , Opera and Mozilla 1.4 - ALL OK Older Moz, and Netscape 7(and less) - a new session is made. (Not ok?)
If thats the case I have no clue but a workaround is to ditch the security constraint in web.xml and create a Filter on all pages which checks for request.isSecure() and issues a redirect doing the session encoding for you to the https version.
For example:
public void doFilter(...) {
if (request.isSecure()) {
chain.doFilter(request, response);
} else {
HttpServletRequest req = (HttpServletRequest)request;
HttpServletResponse res = (HttpServletResponse)response;
StringBuffer url = request.getURL();
if (null!=request.getQueryString())
url.append("?").append(request.getQueryString()); response.sendRedirect("https://"; +
request.getServerName() +
response.encodeURL(url));
}
}
-TimPhilipp Leusmann wrote:
Hi,
in my Application I am running into trouble with getting the same session for http- and https-pages. I am using a security-constraint for some pages to use a https connection. But when the user gets a session on a http-page he doesn�t get the same session on a https-page. At least in Netscape7.0 and older Mozillas he doesn�t. In IE , Opera and Mozilla 1.4 it works without problems. Is there anything I can do about that? Can i alter security-constraints during runtime?
Thanks in advance, Philipp
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
