aspose file tools
The moose likes Servlets and the fly likes Not container managed SSL login with following non secure operations Big Moose Saloon
  Search | Java FAQ | Recent Topics
Register / Login


Win a copy of Arduino in Action this week in the General Computing forum!

A special promo: Enter your blog post or vote on a blogger to be featured in an upcoming Journal
JavaRanch » Java Forums » Java » Servlets
Reply Bookmark "Not container managed SSL login with following non secure operations " Watch "Not container managed SSL login with following non secure operations " New topic
Author

Not container managed SSL login with following non secure operations

D Rog
Ranch Hand

Joined: Feb 07, 2004
Posts: 471
posted private message
0
Quote
It's easy to setup in container, however for some reason my servlet should do authentication. Is session cookie set as secure? If not it should work, right?

Get power of your iPod with MediaChest | Minimal J2EE container is here | Light weight full J2EE stack | My blog | Co-author of "Windows programming in Turbo Pascal"
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

I like...
Android Eclipse IDE Ubuntu
posted
0
Quote
Session cookies are stored in the HTTP header and are encrypted, but if you're looking at a mixture of encrypted and non-encrypted traffic this won't matter. You will want to make sure the domain set in the cookie is the same for both the SSL and non-SSL traffic otherwise the user will be authenticated with a cookie valid for the SSL domain but the cookie will not be sent when they move to the non-SSL domain.

Dave
 
I agree. Here's the link: http://zeroturnaround.com/jrebel - it saves me about five hours per week
 
subject: Not container managed SSL login with following non secure operations
 
Similar Threads
cookies scoped to web-application within a domain
WA #1.....word association
question on form based authentication
web-container or application
how can i make the session id more secure