You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Kok Hoor <ko...@yahoo.com> on 2001/12/26 07:55:36 UTC
SSL Login, Hotmail style
Hi, all ...
I've been trying to write my own login algorithm that
mimics Hotmail login.
1. your browser browse to a http page, in my case, login.jsp.
2. When you click on enter to submit your login, the form is
posted to a https page, in this case, processLogin.jsp
3. If the login is valid, the https page will redirect you to a http page,
in this case index.jsp
The problem is, in order for this to work, I need to ensure that
login.jsp has created a session for the user. If I only create a
session in processLogin, the session will not be available, when user
access index.jsp, which means:
https -> http ... session created in https will not be visible in http.
http -> https, session created in http will be visible in https.
Is there any workaround for this?
Regards,
Kok Hoor
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>
Re: SSL Login, Hotmail style
Posted by Duncan Smith <ja...@deckertelecom.net>.
You could generate your own seesion Id (an auto-inc field in a database,
perhaps) then either post this value between pages in a hidden input type, or
pass on the URL for get requests.
Just a suggestion.
Duncan.
Kok Hoor wrote:
> Hi, all ...
>
> I've been trying to write my own login algorithm that
> mimics Hotmail login.
>
> 1. your browser browse to a http page, in my case, login.jsp.
> 2. When you click on enter to submit your login, the form is
> posted to a https page, in this case, processLogin.jsp
> 3. If the login is valid, the https page will redirect you to a http page,
> in this case index.jsp
>
> The problem is, in order for this to work, I need to ensure that
> login.jsp has created a session for the user. If I only create a
> session in processLogin, the session will not be available, when user
> access index.jsp, which means:
>
> https -> http ... session created in https will not be visible in http.
> http -> https, session created in http will be visible in https.
>
> Is there any workaround for this?
>
> Regards,
> Kok Hoor
>
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
>
> --
> To unsubscribe: <ma...@jakarta.apache.org>
> For additional commands: <ma...@jakarta.apache.org>
> Troubles with the list: <ma...@jakarta.apache.org>
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>