Sessions and cookies


#1

Hey,

 I was wondering if anyone could offer some help.



I have a site running on GF v2 that has a secure login page (https) but
the rest of the site doesn’t have to run over https.  If I’ve never
been to the site and goto the https://loginpage I see my user get
logged in, but upon redirecting to the http://mainpage the session
information is lost/intentionally removed by something (could be
glassfish) and I am redirected to login again.  I can then login.
and
the site works great.



If I’ve never been to the site before (delete all cookies) and goto the
http://loginpage I am redirected to the https login page and I can log
in and go right to my main page … no problem.



It appears the following is happening… If I go to the site and hit an
http url first.  I get a session cookie (JSESSIONID) that doesn’t
change as I go back and forth between https and http.  However if
the
first url I hit is an https url (and I don’t have any cookies for this
site), the JSESSIONID changes when I go from https to http.  I am
not
sure if this is how glassfish is supposed to work or if this is how
sessions and cookies work in general or what … but could anyone who’s
more experienced with this stuff offer up some guidance? 



Is there something in glassfish I should tweak?  something I should
be doing wrt to sessions in rails?



Any help would be appreciated

Thanks!

Jay


To unsubscribe from this list, please visit:

http://xircles.codehaus.org/manage_email

#2

Hi Jay,
same on tomcat and normal java app. Don’t know for sure but that might
be preffered behaviour.

Best greetings,
Pawel Wielgus.

2009/4/6, Jay McGaffigan removed_email_address@domain.invalid:

If I’ve never been to the site before (delete all cookies) and goto the
offer up some guidance?

Is there something in glassfish I should tweak? something I should be doing
wrt to sessions in rails?

Any help would be appreciated
Thanks!
Jay
--------------------------------------------------------------------- To
unsubscribe from this list, please visit:
http://xircles.codehaus.org/manage_email


To unsubscribe from this list, please visit:

http://xircles.codehaus.org/manage_email