Win a copy of Practical SVG this week in the HTML/CSS/JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Session is not getting while shifting from HTTPS to HTTP

 
Tijo Mathew
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a few JSP pages that are under https, while the rest of the site pages are under http. The login page I have, is under https, and I've noticed that when I login, and redirect to an http page, that the session is not being maintained and again it asks for login.
Anyone could help me to fix this issue?
 
Tim Holloway
Bartender
Posts: 18419
60
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Actually, once you login, it's better to stay in HTTPS mode. Otherwise you increase the risk that an exploiter might be able to obtain access to sensitive session data via an HTTP request.

I don't think you'd be having this problem if you were using the J2EE standard container management security system, however. This kind of problem usually pops up when people invent their own login/security systems.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!