Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Maintaining Session over HTTPS and HTTP

 
Manuel Moons
Ranch Hand
Posts: 229
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello everyone,

Does anybody know if there is a way to configure a JBOSS server so it shares the same HTTPSession ,created using a HTTPS connection, over a HTTP and HTTPS connection.

I have a login servlet that uses https. In the httpsession some user information is stored. The next time I connect to the server using a HTTP connection the session is new. The cookie stored on the client states that it is a secure cookie. The client(browser) does not send it along when I connect using HTTP.
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That is the expected behaviour.
You'll have to code around it.
 
Manuel Moons
Ranch Hand
Posts: 229
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ok, standard behaviour for JBoss?

But I found a setting in Weblogic that makes it configurable. A session can be shared there. (At least that's what I understood there.)
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
AFAIK, it's standard for J2EE or SSL. Jboss uses Tomcat as it's servlet container, and I don't know of a way to change this behaviour in Tomcat.

That you found a setting in Weblogic tells me that I may be wrong about this.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic