aspose file tools*
The moose likes Servlets and the fly likes Maintaining Session over HTTPS and HTTP Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Maintaining Session over HTTPS and HTTP" Watch "Maintaining Session over HTTPS and HTTP" New topic
Author

Maintaining Session over HTTPS and HTTP

Manuel Moons
Ranch Hand

Joined: Mar 05, 2002
Posts: 229
Hello everyone,

Does anybody know if there is a way to configure a JBOSS server so it shares the same HTTPSession ,created using a HTTPS connection, over a HTTP and HTTPS connection.

I have a login servlet that uses https. In the httpsession some user information is stored. The next time I connect to the server using a HTTP connection the session is new. The cookie stored on the client states that it is a secure cookie. The client(browser) does not send it along when I connect using HTTP.
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

That is the expected behaviour.
You'll have to code around it.


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
Manuel Moons
Ranch Hand

Joined: Mar 05, 2002
Posts: 229
Ok, standard behaviour for JBoss?

But I found a setting in Weblogic that makes it configurable. A session can be shared there. (At least that's what I understood there.)
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

AFAIK, it's standard for J2EE or SSL. Jboss uses Tomcat as it's servlet container, and I don't know of a way to change this behaviour in Tomcat.

That you found a setting in Weblogic tells me that I may be wrong about this.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Maintaining Session over HTTPS and HTTP