• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Tim Cooke
  • Jeanne Boyarsky
  • Liutauras Vilda
Sheriffs:
  • Frank Carver
  • Henry Wong
  • Ron McLeod
Saloon Keepers:
  • Tim Moores
  • Frits Walraven
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Piet Souris
  • Himai Minh

Sessions in HTTP & HTTPS

 
Ranch Hand
Posts: 147
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Say, I have two servlets, in the first servlet running under HTTP scheme, I create a session and then forward a request to second servlet which is now running under HTTPS scheme, what will happen to the session created in first servlet ? Will I be able to use that session in second servlet in thew same way we usually do ?
Pls. suggest.
 
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What do you mean when you say that you are running under the http or https schema? Are these two separate web servers? Usually they are, but if you are going to the same app server, you will have the same session on both web servers.
 
Ranch Hand
Posts: 118
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
No, you cannot use the same session for both http and https URL's. See HttpResponseBase.java in the Tomcat 4 source code, specifically the isEncodeable() method. The URL's in a session must match down to and including the servlet context. It explicitly checks both URL's with getScheme(), which will be different in the case you mention.
 
Sam Cala
Ranch Hand
Posts: 147
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Phil,
Thanx for responding, just to clarify - does it mean that the sessions created under HTTP scheme wont work or cant be accessed in the next servlet if thats running under HTTPS.
I mean if I change the scheme from HTTP to HTTPS, than sessions created in HTTP cant accessed in HTTPS ? Whats the way out ?
Does it mean we shouldn't maintain any sessions while changing from HTTP to HTTPS ?
Regards & best wishes,
 
Ranch Hand
Posts: 1512
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yes, the same session can not be accessed accross different schemes.
 
Ranch Hand
Posts: 200
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
Just to confuse things, we have an application that uses both http and https and don't have any session problems switching between the two. Specifically, we can see the same session when we go from http to https - maybe the session is being cloned???
We are using Weblogic 6.1
Cheers,
Steve
 
Ranch Hand
Posts: 80
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yup, I've seen the same results using a WebLogic 6.1 Server... the session appears to carry through
 
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
We are using Websphere 3.5 and it also works for us
 
Sam Cala
Ranch Hand
Posts: 147
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
So the conclusion is that session state can be maintained in different schemes...
 
Ranch Hand
Posts: 305
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Perhaps this is possible to have...I have a web server on Windows 2000 and found no problem but yes both schema are on same server...
Arun
 
author
Posts: 1436
6
Python TypeScript Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Does the spec say anything about it? I mean, Tomcat is supposed to be the "reference implementation". Commercial products might decide to implement more features but that really compromises the portability ...
Maybe this is an unspecified behaviour in the spec and we just should *not* assume the HTTP and HTTPS could share the same sesson?
 
You save more money with a clothesline than dozens of light bulb purchases. Tiny ad:
the value of filler advertising in 2021
https://coderanch.com/t/730886/filler-advertising
reply
    Bookmark Topic Watch Topic
  • New Topic