Suppose you have a web application:
When a user accesses it,  the application will create a session for this user (not already logged).
Now suppose he will do something that need to be stored into session, as for example filling a chart in an e-commerce
application.
Now he needs to checkout his chart, but he must login into this e-commerce site/application, so he will be redirected to an encrypted connection, but the session, holding the chart, must not be loosen.
This makes me think that I have to share a session (object/service) between a pair of hunchentoot instances.

On Jan 4, 2008 8:52 PM, Vagif Verdi <vagif@cox.net > wrote:

Why do you need to mix in one session http and https?

Browsers do not support it. For example IE gives nasty popup warning every time you mix plain and ssl html in one page.

So why bother? Make ALL user sessions SSL, and leave plain http only for public part of web site.

 


From: tbnl-devel-bounces@common-lisp.net [mailto:tbnl-devel-bounces@common-lisp.net ] On Behalf Of Andrea Chiumenti
Sent: Friday, January 04, 2008 11:48 AM
To: General interest list for Hunchentoot and CL-WEBDAV
Subject: Re: [hunchentoot-devel] session shearing question

 

Thanks, yes you understood me correctly.

On Jan 4, 2008 8:43 PM, Sohail Somani <sohail@taggedtype.net> wrote:

On Fri, 04 Jan 2008 20:38:31 +0100, Andrea Chiumenti wrote:

> Now that I've been able to start hunchentoot in ssl mode, if I start
> another hunchentoot instance handling normal http requests, does
> hunchentoot shares user session between the two instances,if not is
> there a possibility to do it?

> Now that I&#39;ve been able to start hunchentoot in ssl mode, if I start

> another hunchentoot instance handling normal http requests, does
> hunchentoot shares user session between the two instances,if not is

> there a possibility to do it? <br>

If I understand you correctly, I think the only way to do this is to keep
user sessions in an out-of-process server like a database.

--
Sohail Somani
http://uint32t.blogspot.com

_______________________________________________
tbnl-devel site list
tbnl-devel@common-lisp.net
http://common-lisp.net/mailman/listinfo/tbnl-devel

 


_______________________________________________
tbnl-devel site list
tbnl-devel@common-lisp.net
http://common-lisp.net/mailman/listinfo/tbnl-devel