• Post Reply Bookmark Topic Watch Topic
  • New Topic

Sessions in HTTP & HTTPS  RSS feed

 
Sam Cala
Ranch Hand
Posts: 147
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Say, I have two servlets, in the first servlet running under HTTP scheme, I create a session and then forward a request to second servlet which is now running under HTTPS scheme, what will happen to the session created in first servlet ? Will I be able to use that session in second servlet in thew same way we usually do ?
Pls. suggest.
 
marijana grabovac
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What do you mean when you say that you are running under the http or https schema? Are these two separate web servers? Usually they are, but if you are going to the same app server, you will have the same session on both web servers.
 
Phil Hanna
Ranch Hand
Posts: 118
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No, you cannot use the same session for both http and https URL's. See HttpResponseBase.java in the Tomcat 4 source code, specifically the isEncodeable() method. The URL's in a session must match down to and including the servlet context. It explicitly checks both URL's with getScheme(), which will be different in the case you mention.
 
Sam Cala
Ranch Hand
Posts: 147
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Phil,
Thanx for responding, just to clarify - does it mean that the sessions created under HTTP scheme wont work or cant be accessed in the next servlet if thats running under HTTPS.
I mean if I change the scheme from HTTP to HTTPS, than sessions created in HTTP cant accessed in HTTPS ? Whats the way out ?
Does it mean we shouldn't maintain any sessions while changing from HTTP to HTTPS ?
Regards & best wishes,
 
Bosun Bello
Ranch Hand
Posts: 1511
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes, the same session can not be accessed accross different schemes.
 
Steve Granton
Ranch Hand
Posts: 200
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
Just to confuse things, we have an application that uses both http and https and don't have any session problems switching between the two. Specifically, we can see the same session when we go from http to https - maybe the session is being cloned???
We are using Weblogic 6.1
Cheers,
Steve
 
Angela Margot
Ranch Hand
Posts: 80
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yup, I've seen the same results using a WebLogic 6.1 Server... the session appears to carry through
 
Paul Richards
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
We are using Websphere 3.5 and it also works for us
 
Sam Cala
Ranch Hand
Posts: 147
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So the conclusion is that session state can be maintained in different schemes...
 
arun mahajan
Ranch Hand
Posts: 305
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Perhaps this is possible to have...I have a web server on Windows 2000 and found no problem but yes both schema are on same server...
Arun
 
Michael Yuan
author
Ranch Hand
Posts: 1427
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Does the spec say anything about it? I mean, Tomcat is supposed to be the "reference implementation". Commercial products might decide to implement more features but that really compromises the portability ...
Maybe this is an unspecified behaviour in the spec and we just should *not* assume the HTTP and HTTPS could share the same sesson?
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!