Suppose you have a web application: When a user accesses it, the application will create a session for this user (not already logged). Now suppose he will do something that need to be stored into session, as for example filling a chart in an e-commerce application. Now he needs to checkout his chart, but he must login into this e-commerce site/application, so he will be redirected to an encrypted connection, but the session, holding the chart, must not be loosen. This makes me think that I have to share a session (object/service) between a pair of hunchentoot instances.
On Jan 4, 2008 8:52 PM, Vagif Verdi vagif@cox.net wrote:
Why do you need to mix in one session http and https?
Browsers do not support it. For example IE gives nasty popup warning every time you mix plain and ssl html in one page.
So why bother? Make ALL user sessions SSL, and leave plain http only for public part of web site.
*From:* tbnl-devel-bounces@common-lisp.net [mailto: tbnl-devel-bounces@common-lisp.net] *On Behalf Of *Andrea Chiumenti *Sent:* Friday, January 04, 2008 11:48 AM *To:* General interest list for Hunchentoot and CL-WEBDAV *Subject:* Re: [hunchentoot-devel] session shearing question
Thanks, yes you understood me correctly.
On Jan 4, 2008 8:43 PM, Sohail Somani sohail@taggedtype.net wrote:
On Fri, 04 Jan 2008 20:38:31 +0100, Andrea Chiumenti wrote:
Now that I've been able to start hunchentoot in ssl mode, if I start another hunchentoot instance handling normal http requests, does hunchentoot shares user session between the two instances,if not is there a possibility to do it?
Now that I've been able to start hunchentoot in ssl mode, if I start
another hunchentoot instance handling normal http requests, does hunchentoot shares user session between the two instances,if not is
there a possibility to do it? <br>
If I understand you correctly, I think the only way to do this is to keep user sessions in an out-of-process server like a database.
-- Sohail Somani http://uint32t.blogspot.com
tbnl-devel site list tbnl-devel@common-lisp.net http://common-lisp.net/mailman/listinfo/tbnl-devel
tbnl-devel site list tbnl-devel@common-lisp.net http://common-lisp.net/mailman/listinfo/tbnl-devel