i dont think https and http requests from the same machine will be having any impact on the session created already. I mean even if u call request.getSession(true) in a secure page and if a valid session already exists , nothinng like "creating a new session and invalidating it" will happen. There will not any difference between a http request and https request from web server point of view, except that they are received on different ports and one needs to be decrypted before processing
any detailed explaination on this will be appreciated On 7/19/05, Mufaddal Khumri <[EMAIL PROTECTED]> wrote: > Hello, > > I wanted to verify if I am understanding this right. > > The website has certain sections of it using HTTPS (secure) and certain > sections use only HTTP (unsecure). > > 1. A new session resulting from a call to request.getSession(true) in a > secure area of a website is invalidated automatically when the session > transitions from the secure to an unsecure area of the website. > > 2. A new session resulting from a call to request.getSession(true) in an > unsecure area of a website is untouched when the session transitions > from the unsecure to a secure area of the website and from the unsecure > to a secure area of the website. > > Am I understanding 1 and 2 right? > > Thanks, > Mufaddal. > > ------------------------------------------------------------------------------------------ > This email and any files transmitted with it are confidential > and intended solely for the use of the individual or entity > to whom they are addressed. If you have received this > email in error please notify the system manager. Please > note that any views or opinions presented in this email > are solely those of the author and do not necessarily > represent those of the company. Finally, the recipient > should check this email and any attachments for the > presence of viruses. The company accepts no liability for > any damage caused by any virus transmitted by this email. > Consult your physician prior to the use of any medical > supplies or product. > ------------------------------------------------------------------------------------------ > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
