On Sat, 2002-12-07 at 03:35, Craig R. McClanahan wrote:
> That's not quite right.
> Starting a session in http and switching to https for the sensitive part
> (i.e. fill your shopping cart on http and switch for the checkout page
> that asks for your credit card number) is fine.
> Switching from https to http, in the same session, is not fine.

But when I switch from http to https, all objects I had in the session
are not accessible anymore. I assume that's because a new session is
created. Isn't that how it is? I've been trying to find out if I can
retrieve those objects in the http session (if it's another one). Session
sharing is not possible anymore...
If it was the same session id when switching from http to https, then
that would also be a security risk, wouldn't it?