You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Philipp Leusmann <ph...@post.rwth-aachen.de> on 2003/08/28 20:27:52 UTC
Netscape Session problem
Hi,
in my Application I am running into trouble with getting the same session
for http- and https-pages.
I am using a security-constraint for some pages to use a https connection.
But when the user gets a session on a http-page he doesn´t get the same
session on a https-page. At least in Netscape7.0 and older Mozillas he
doesn´t. In IE , Opera and Mozilla 1.4 it works without problems.
Is there anything I can do about that? Can i alter security-constraints
during runtime?
Thanks in advance,
Philipp
Re: Netscape Session problem
Posted by Tim Funk <fu...@joedog.org>.
In summary: (So i got it right)
You are going from http-->https and wish to retain the session in the transition.
With IE , Opera and Mozilla 1.4 - ALL OK
Older Moz, and Netscape 7(and less) - a new session is made. (Not ok?)
If thats the case I have no clue but a workaround is to ditch the security
constraint in web.xml and create a Filter on all pages which checks for
request.isSecure() and issues a redirect doing the session encoding for you
to the https version.
For example:
public void doFilter(...) {
if (request.isSecure()) {
chain.doFilter(request, response);
} else {
HttpServletRequest req = (HttpServletRequest)request;
HttpServletResponse res = (HttpServletResponse)response;
StringBuffer url = request.getURL();
if (null!=request.getQueryString())
url.append("?").append(request.getQueryString());
response.sendRedirect("https://" +
request.getServerName() +
response.encodeURL(url));
}
}
-Tim
Philipp Leusmann wrote:
> Hi,
>
> in my Application I am running into trouble with getting the same session
> for http- and https-pages.
> I am using a security-constraint for some pages to use a https connection.
> But when the user gets a session on a http-page he doesn´t get the same
> session on a https-page. At least in Netscape7.0 and older Mozillas he
> doesn´t. In IE , Opera and Mozilla 1.4 it works without problems.
> Is there anything I can do about that? Can i alter security-constraints
> during runtime?
>
> Thanks in advance,
> Philipp
>