I access a JSP SessionTest.jsp using http. The jsp contains a link which
looks like:
<a href='<%response.encodeUrl("https://someurl";)%>'>go to new link</a>
Nothing is added to the encoded url, i.e. no url rewriting takes place.
When I access the same JSP page using https to start with, the rewriting
works fine.
I wonder if it has something to do how the virtual servers (the http and the
https) are set up?
Pat
P.S. To the best of my knowledge, this e-mail should be sent in plain text
format, not html, at least that is what my browser tells me. Please advice
if incorrect.
-----Original Message-----
From: Li Liang [mailto:[EMAIL PROTECTED]]
Sent: Mittwoch, 25. Juli 2001 20:09
To: [EMAIL PROTECTED]
Subject: RE: keeping sessions when switching from http to https
I guess that's the way Tomcat parses the session info from request. When
it gets the cookie, everything is fine that it can get "jsessionid" from
the cookie and passes it back.
But without cookie, it needs to rewrite the url. I saw somebody said
that "https" and "http" are different schemes that
HttpServletResponse.encodueURL() cannot encode the existing session id
(for "http") into the "https" URL, thus practically prevents the session
passed on to "https".
This IS a problem. Many handheld devices don't support cookie at all. I
am supprised that nobody has declared successfully solving this problem
yet.
Brigger, can you please check when turning off cookie, is the
"jsessionid" correctly encoded into the returned "https" url?
Thanks.
Li
-----Original Message-----
From: William Kaufman [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 25, 2001 11:04 AM
To: '[EMAIL PROTECTED]'
Subject: RE: keeping sessions when switching from http to https
Are you encoding the cross-protocol links (with
HttpServletResponse.encode[Redirect]URL())?
The only reason I ask is that it seems strange that it does OK with
cookies
but not with URL encoding: the code paths are similar, so I'd expect it
to
fail with both or succeed with both.
-- Bill K.
> -----Original Message-----
> From: Brigger Patrick [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, July 24, 2001 11:05 PM
> To: '[EMAIL PROTECTED]'
> Subject: RE: keeping sessions when switching from http to https
>
>
> When I try with cookies enabled, it works both on Netscape and IE 5.
>
> Cookies disabled does not work on either.
>
> Pat
>
> -----Original Message-----
> From: Mike Spreitzer [mailto:[EMAIL PROTECTED]]
> Sent: Dienstag, 24. Juli 2001 19:13
> To: [EMAIL PROTECTED]
> Subject: Re: keeping sessions when switching from http to https
>
>
> Be careful when you experiment and report on this. I have
> found that IE 5
> carries cookies from http to https but Netscape 4 does not.
> I have only
> tested this with cookies, not URL-rewriting. I'm grumped by
> this problem,
> but it's not critcal for me yet --- for my current site, I
> think I can get
> away with only having sessions on the https side.
>
> Mike
>
