You could generate your own seesion Id (an auto-inc field in a database, perhaps) then either post this value between pages in a hidden input type, or pass on the URL for get requests.
Just a suggestion. Duncan. Kok Hoor wrote: > Hi, all ... > > I've been trying to write my own login algorithm that > mimics Hotmail login. > > 1. your browser browse to a http page, in my case, login.jsp. > 2. When you click on enter to submit your login, the form is > posted to a https page, in this case, processLogin.jsp > 3. If the login is valid, the https page will redirect you to a http page, > in this case index.jsp > > The problem is, in order for this to work, I need to ensure that > login.jsp has created a session for the user. If I only create a > session in processLogin, the session will not be available, when user > access index.jsp, which means: > > https -> http ... session created in https will not be visible in http. > http -> https, session created in http will be visible in https. > > Is there any workaround for this? > > Regards, > Kok Hoor > > _________________________________________________________ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com > > -- > To unsubscribe: <mailto:[EMAIL PROTECTED]> > For additional commands: <mailto:[EMAIL PROTECTED]> > Troubles with the list: <mailto:[EMAIL PROTECTED]> -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
