Posted to users@tomcat.apache.org by Mufaddal Khumri <MK...@allegromedical.com> on 2005/07/18 21:17:08 UTC

Tomcat and SSL

Hello,

I wanted to verify if I am understanding this right.

The website has certain sections of it using HTTPS (secure) and certain
sections use only HTTP (unsecure).

1. A new session resulting from a call to request.getSession(true) in a
secure area of a website is invalidated automatically when the session
transitions from the secure to an unsecure area of the website.

2. A new session resulting from a call to request.getSession(true) in an
unsecure area of a website is untouched when the session transitions
from the unsecure to a secure area of the website and from the unsecure
to a secure area of the website.

Am I understanding 1 and 2 right?

Thanks,
Mufaddal.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Re: Tomcat and SSL

Posted by Peddireddy Srikanth <pe...@gmail.com>.
I don't think HTTPS and HTTP requests from the same machine will
have any impact on the session already created.
I mean, even if you call request.getSession(true) in a secure page and
a valid session already exists, nothing like "creating a new session
and invalidating it" will happen.
There will not be any difference between an HTTP request and an HTTPS request
from the web server's point of view, except that they are received on
different ports and one needs to be decrypted before processing.

Any detailed explanation on this will be appreciated.

On 7/19/05, Mufaddal Khumri <MK...@allegromedical.com> wrote:
> Hello,
> 
> I wanted to verify if I am understanding this right.
> 
> The website has certain sections of it using HTTPS (secure) and certain
> sections use only HTTP (unsecure).
> 
> 1. A new session resulting from a call to request.getSession(true) in a
> secure area of a website is invalidated automatically when the session
> transitions from the secure to an unsecure area of the website.
> 
> 2. A new session resulting from a call to request.getSession(true) in an
> unsecure area of a website is untouched when the session transitions
> from the unsecure to a secure area of the website and from the unsecure
> to a secure area of the website.
> 
> Am I understanding 1 and 2 right?
> 
> Thanks,
> Mufaddal.

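A servlet for checking points 1 and 2 of the question on a running Tomcat, as an added example that is not part of the original thread. `SessionProbeServlet` and the `createdOver` and `hits` attribute names are hypothetical; it assumes the `javax.servlet` API and a web.xml mapping reachable over both the HTTP and the HTTPS connector.

```java
// Added example, not code from the thread. Class and attribute names are hypothetical.
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class SessionProbeServlet extends HttpServlet {
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // What the client presented, read before getSession(true) can create anything.
        String presentedId = req.getRequestedSessionId();
        boolean presentedValid = req.isRequestedSessionIdValid();
        boolean fromCookie = req.isRequestedSessionIdFromCookie();

        HttpSession session = req.getSession(true);

        // Record which scheme created the session and count requests bound to it.
        if (session.isNew()) {
            session.setAttribute("createdOver", req.getScheme());
        }
        Integer previous = (Integer) session.getAttribute("hits");
        Integer hits = Integer.valueOf(previous == null ? 1 : previous.intValue() + 1);
        session.setAttribute("hits", hits);

        resp.setContentType("text/plain");
        resp.setHeader("Cache-Control", "no-store");
        PrintWriter out = resp.getWriter();
        out.println("scheme=" + req.getScheme() + " secure=" + req.isSecure());
        out.println("presented=" + (presentedId != null)
                + " presentedValid=" + presentedValid + " fromCookie=" + fromCookie);
        // Compare ids instead of printing them, so the page never leaks a session id.
        out.println("sameAsPresented=" + session.getId().equals(presentedId)
                + " new=" + session.isNew());
        out.println("createdOver=" + session.getAttribute("createdOver") + " hits=" + hits);

        // Cookie names only: shows whether the browser sent a session cookie on this scheme.
        Cookie[] cookies = req.getCookies();
        StringBuffer names = new StringBuffer();
        for (int i = 0; cookies != null && i < cookies.length; i++) {
            names.append(cookies[i].getName()).append(' ');
        }
        out.println("cookiesReceived=" + names.toString().trim());
    }
}
```

Request it from one browser, first over one scheme and then over the other, and compare `sameAsPresented`, `createdOver` and `hits` between the responses.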