aspose file tools*
The moose likes Servlets and the fly likes Not container managed SSL login with following non secure operations Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Not container managed SSL login with following non secure operations " Watch "Not container managed SSL login with following non secure operations " New topic
Author

Not container managed SSL login with following non secure operations

D Rog
Ranch Hand

Joined: Feb 07, 2004
Posts: 472

It's easy to setup in container, however for some reason my servlet should do authentication. Is session cookie set as secure? If not it should work, right?


Retire your iPod and start with HD Android music player Kamerton | Minimal J2EE container is here | Light weight full J2EE stack | and build tool | Co-author of "Windows programming in Turbo Pascal"
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

Session cookies are stored in the HTTP header and are encrypted, but if you're looking at a mixture of encrypted and non-encrypted traffic this won't matter. You will want to make sure the domain set in the cookie is the same for both the SSL and non-SSL traffic otherwise the user will be authenticated with a cookie valid for the SSL domain but the cookie will not be sent when they move to the non-SSL domain.

Dave
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Not container managed SSL login with following non secure operations