Posted to users@tomcat.apache.org by John Sidney-Woollett <jo...@wardbrook.com> on 2004/06/08 10:34:50 UTC

Re: Strange behaviour with session creation on http and https

Ismael Blesa Part said:
>
> I have set two connectors http and https. I have my webapp that is
> served by these two connectors.

[snip]

> However, If I connect first to https and then I change to http, I will
> have two sessions, one for https and the other one to http.

I believe that this is normal.

If you ensure that the session is created using a non secure page first
(you can always redirect from a non-secure to a secure page after creating
the session), then the problem will go away.

John Sidney-Woollett

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Re: Strange behaviour with session creation on http and https

Posted by John Sidney-Woollett <jo...@wardbrook.com>.
Ismael Blesa Part said:
> I would like to have different sessions for different schemas, that is,
> If you connect to http and then to https then TWO DIFFERENT sessions are
> created.
> But I have not found how to do this.
>
> My fear is that on different application servers the behaviour is
> different.

If this is the behaviour that you want, then you only have to worry about
the case when the user goes from http to https (because you want a new
session instead of the old one).

One way to do this would be to record the type of connection (secure or
not) in the session when it is created, and then when you go to a secure
connection, check the value you stored (in the session).

If it indicates that the session was not originally created by a secure
request, invalidate that session, and create a new one.

I think that will probably work.

John Sidney-Woollett
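
The check described in the reply above, as an added example that is not part of the original thread: a servlet filter that records in the session whether it was created over a secure connection and discards a session created over plain http when the client switches to https. The class name, the attribute name and the `javax.servlet` namespace (`jakarta.servlet` on newer Tomcat releases) are assumptions.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Added illustration; class and attribute names are hypothetical.
public class SchemeBoundSessionFilter implements Filter {

    // Session attribute recording whether the session was created over https.
    static final String CREATED_SECURE = "example.session.createdSecure";

    public void init(FilterConfig config) throws ServletException {}

    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;

        // Look at the existing session only; do not create one here.
        HttpSession session = request.getSession(false);
        if (session != null && request.isSecure()
                && !Boolean.TRUE.equals(session.getAttribute(CREATED_SECURE))) {
            // The session id was issued over plain http (or is unmarked), so it
            // may have been observed in transit: drop it before the app runs.
            session.invalidate();
        }

        chain.doFilter(req, res);

        // Mark any session the application created during this request with
        // the scheme it was created on. An already marked session is left alone.
        session = request.getSession(false);
        if (session != null && session.getAttribute(CREATED_SECURE) == null) {
            session.setAttribute(CREATED_SECURE, Boolean.valueOf(request.isSecure()));
        }
    }
}
```

The filter has to be mapped to the whole webapp (for example `/*` in `web.xml`) so that every session gets marked. Attributes held in the discarded http session are lost unless the application copies the ones it still needs into the new session.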



Re: Strange behaviour with session creation on http and https

Posted by Ismael Blesa Part <ib...@tissat.es>.
I have reviewed the mailing list and I have found that the normal
behaviour in tomcat is:

You enter in http and then change to https (session is shared)
You enter in https and then in http (you have two different sessions)


I would like to have different sessions for different schemas, that is, 
If you connect to http and then to https then TWO DIFFERENT sessions are 
created.
But I have not found how to do this.

My fear is that on different application servers the behaviour is 
different.


Ismael

John Sidney-Woollett wrote:

>Ismael Blesa Part said:
>
>>I have set two connectors http and https. I have my webapp that is
>>served by these two connectors.
>
>[snip]
>
>>However, If I connect first to https and then I change to http, I will
>>have two sessions, one for https and the other one to http.
>
>I believe that this is normal.
>
>If you ensure that the session is created using a non secure page first
>(you can always redirect from a non-secure to a secure page after creating
>the session), then the problem will go away.
>
>John Sidney-Woollett
