Re: RE: apache http lost session

yanivo@xxxxxxxxxxxxxxx wrote:
...
I have an Apache HTTP 2.2 server that forwards requests to a JBoss web server (version 4.2).
I configured my HTTP server to forward requests when the user logs in to a secure page (https).
When the user logs in, I save the user information in my session (not in a cookie!!!).
After the user successfully logs in, I forward the request to a non-secure page (http).
But when I try to get the user information from the session, I find that my session was lost between the pages (https to http).
How can I solve this?

Someone else here already gave you a good clue.
You should probably start by reading
http://en.wikipedia.org/wiki/HTTP_cookie
and see what they have to say about "secure" cookies.
Your session data is not saved in a cookie, but the "key" to the session data is saved in a cookie. The server needs that key in order to retrieve the session data at the next request. But if that cookie is set up at a moment when the connection is HTTPS, then the cookie is "marked" for (secure) HTTPS. Your browser (probably) will not send that cookie to the server at the next request, if that next request happens under (non-secure) HTTP. And since the new request then arrives at the server without the session-id cookie, the server thinks this is a new session.
That is what makes you think that your session "is lost".

Another suggestion: get yourself a browser add-on like HttpFox for Firefox, or Fiddler2 for IE. Then run your login sequence, and carefully examine the HTTP headers of the requests and responses.
That will show you what is going on.
You will see "Set-Cookie" headers being sent by the server, and "Cookie" headers being sent by the browser. Or not.
Look for cookies named "JSESSIONID".


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
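
The behaviour described in the reply above can be reproduced offline. This is an added example, not part of the original thread: it uses Python's standard-library cookie jar as a stand-in for the browser, and the host name, paths and JSESSIONID value are constructed sample data.

```python
import email
import urllib.request
from http.cookiejar import CookieJar


class CapturedResponse:
    """Stand-in for a server response; CookieJar only calls info() on it."""

    def __init__(self, header_lines):
        self._headers = email.message_from_string("\n".join(header_lines) + "\n\n")

    def info(self):
        return self._headers


def cookie_header_on_next_request(set_cookie_line, login_url, next_url):
    """Return the Cookie header a client would send to next_url, or None."""
    jar = CookieJar()
    # Store whatever the login response sets, as the browser would.
    jar.extract_cookies(CapturedResponse([set_cookie_line]),
                        urllib.request.Request(login_url))
    # Build the follow-up request and let the jar decide what to attach.
    follow_up = urllib.request.Request(next_url)
    jar.add_cookie_header(follow_up)
    return follow_up.get_header("Cookie")


# Constructed sample values (not taken from the thread).
LOGIN = "https://www.example.test/login"
HTTP_PAGE = "http://www.example.test/home"
HTTPS_PAGE = "https://www.example.test/home"
SECURE = "Set-Cookie: JSESSIONID=0123ABCD; Path=/; Secure"
PLAIN = "Set-Cookie: JSESSIONID=0123ABCD; Path=/"

if __name__ == "__main__":
    # Secure cookie, next page over http: no Cookie header, so the
    # server sees no session key and starts a new session.
    print("secure -> http :", cookie_header_on_next_request(SECURE, LOGIN, HTTP_PAGE))
    # Secure cookie, next page over https: the session key is returned.
    print("secure -> https:", cookie_header_on_next_request(SECURE, LOGIN, HTTPS_PAGE))
    # No Secure attribute: the key is returned over http too, which
    # also means the session id crosses the network in cleartext.
    print("plain  -> http :", cookie_header_on_next_request(PLAIN, LOGIN, HTTP_PAGE))
```

The first case is the "lost session" from the question: the session still exists on the server, but the request that reaches it carries no JSESSIONID.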

