You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Kok Hoor <ko...@yahoo.com> on 2001/12/26 07:55:36 UTC

SSL Login, Hotmail style

Hi, all ...

    I've been trying to write my own login algorithm that
mimics Hotmail login.

1. your browser browse to a http page, in my case, login.jsp.
2. When you click on enter to submit your login, the form is
  posted to a https page, in this case, processLogin.jsp
3. If the login is valid, the https page will redirect you to a http page,
in this case index.jsp

The problem is, in order for this to work, I need to ensure that
login.jsp has created a session for the user. If I only create a
session in processLogin, the session will not be available, when user
access index.jsp, which means:

https -> http ... session created in https will not be visible in http.
http -> https, session created in http will be visible in https.

Is there any workaround for this?

Regards,
    Kok Hoor

_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com


--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>

Re: SSL Login, Hotmail style

Posted by Duncan Smith <ja...@deckertelecom.net>.

You could generate your own seesion Id (an auto-inc field in a database,
perhaps) then either post this value between pages in a hidden input type, or
pass on the URL for get requests.

Just a suggestion.

Duncan.

Kok Hoor wrote:

> Hi, all ...
>
>     I've been trying to write my own login algorithm that
> mimics Hotmail login.
>
> 1. your browser browse to a http page, in my case, login.jsp.
> 2. When you click on enter to submit your login, the form is
>   posted to a https page, in this case, processLogin.jsp
> 3. If the login is valid, the https page will redirect you to a http page,
> in this case index.jsp
>
> The problem is, in order for this to work, I need to ensure that
> login.jsp has created a session for the user. If I only create a
> session in processLogin, the session will not be available, when user
> access index.jsp, which means:
>
> https -> http ... session created in https will not be visible in http.
> http -> https, session created in http will be visible in https.
>
> Is there any workaround for this?
>
> Regards,
>     Kok Hoor
>
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
>
> --
> To unsubscribe:   <ma...@jakarta.apache.org>
> For additional commands: <ma...@jakarta.apache.org>
> Troubles with the list: <ma...@jakarta.apache.org>


--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>