My installation is Apache2+Tomcat4+mod_ssl. I am running a http main server along with a https virtual host on an aliased ip address. To track users I created a session bean which holds user info ( e-mail, login status ). Naturally this bean holds vital information as it allows links to the users transactions such as shopping cart transactions.
The bean is accessible by both servers (same machine and application directory tree). The SSL enabled virtual host now serves my Login, Registration and Shopping Cart JSP's while the main server serves the non-secure pages. Before I implemented SSL the strategy of using a bean to track users was sound, but now it seems that the bean is not persistant between the main server and virtual host. My guess is that main server and the virtual host have their own version of the bean. Therefore, the bean in my virtual host is out of scope once I navigate back to page controlled by the main server. The result is that the main server is left unaware if the user has logged in or whether or not the user has a shopping cart containing items. Is there a better strategy for communicating information like this between the main server and the virtual host. I am reluctant to try using cookies. I've tried the java.sun.com JSP forum with no success. Maybe you guys can help even if this post is a little off subject for this forum.
