By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,635 Members | 1,699 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,635 IT Pros & Developers. It's quick & easy.

https sessoion tracking

P: n/a
Hello,

I've got this situation:

Servlet accessed by https (ie. https://host.domain/SecureServlet) starts a
session (HttpSession session = req.getSession(true)), sets some session
attributes and then redirects to servlet that is accessed by http (ie:
http://host.domain/UnsecureServlet).

Following problem occurs:

When I try to obtain current session from UnsecureServlet (HttpSession
session = req.getSession(false)) I get null (that means that no session is
associated with req HttpRequest; as far as I understand).

But when I access UnsecureServlet by https I get the session, and
everything is OK (I can get session attributes).

I don't want to access UnsecureServlet by https (because it sends a lot of
information, and https is very resource-consuming protocol, and that
causes problems with thin clients)

My question is:

Can I somehow finish https session, start http session, set some session
attribures, redirect to servlet accessed by http, and read session data
from session I redirected to?

Thank You,

Josip Krapac
Jul 17 '05 #1
Share this Question
Share on Google+
1 Reply


P: n/a
Your problem is caused by the fact that the browser is seeing your URL
as coming from different hosts (http vs https). One thing you could do
is to grab the cookies from the request when your are coming in as
https, pass then in a javascript and then set them before calling the
http. This will mean doing client side redirect. You could front your
app server with Apache and let it handle SSL, your could then use a
pluging (mod_jk for tomcat) to talk to your app server. Apache based SSL
is a lot faster then using java to handle the SSL protocol.

Lastly, you could manage the session yourself in some sort of a static
HashMap and use the url of the caller as the lookup key, although you
would need to be carefully since client information is often wrong due
to front end proxies and NAT boxes.
Josip Krapac wrote:
Hello,

I've got this situation:

Servlet accessed by https (ie. https://host.domain/SecureServlet) starts a
session (HttpSession session = req.getSession(true)), sets some session
attributes and then redirects to servlet that is accessed by http (ie:
http://host.domain/UnsecureServlet).

Following problem occurs:

When I try to obtain current session from UnsecureServlet (HttpSession
session = req.getSession(false)) I get null (that means that no session is
associated with req HttpRequest; as far as I understand).

But when I access UnsecureServlet by https I get the session, and
everything is OK (I can get session attributes).

I don't want to access UnsecureServlet by https (because it sends a lot of
information, and https is very resource-consuming protocol, and that
causes problems with thin clients)

My question is:

Can I somehow finish https session, start http session, set some session
attribures, redirect to servlet accessed by http, and read session data
from session I redirected to?

Thank You,

Josip Krapac

Jul 17 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.