On Sat, 2002-12-07 at 03:35, Craig R. McClanahan wrote: > > That's not quite right. > > Starting a session in http and switching to https for the sensitive part > (i.e. fill your shopping cart on http and switch for the checkout page > that asks for your credit card number) is fine. > > Switching from https to http, in the same session, is not fine. >
But when i switch from http to https, all objects I had in the session are not accessible anymore, I asume that's becouse a new session is created. Isn't that how it is? I've been trying to find out if i can retrieve those objects in the http session (if it's anotherone). Session sharing is not possible anymore... If it was the same session id when switching from http to https, then that would also be a security risk would not it? Thanks! -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
