Suppose you have a web application: <br>When a user accesses it,&nbsp; the application will create a session for this user (not already logged).<br>Now suppose he will do something that need to be stored into session, as for example filling a chart in an e-commerce
<br>application.<br>Now he needs to checkout his chart, but he must login into this e-commerce site/application, so he will be redirected to an encrypted connection, but the session, holding the chart, must not be loosen.
<br>This makes me think that I have to share a session (object/service) between a pair of hunchentoot instances.<br><br><div class="gmail_quote">On Jan 4, 2008 8:52 PM, Vagif Verdi &lt;<a href="mailto:vagif@cox.net">vagif@cox.net
</a>&gt; wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">










<div link="blue" vlink="blue" lang="EN-US">

<div>

<p><font color="navy" face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial; color: navy;">Why do you need to mix in one session http
and https?</span></font></p>

<p><font color="navy" face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial; color: navy;">Browsers do not support it. For example IE
gives nasty popup warning every time you mix plain and ssl html in one page.</span></font></p>

<p><font color="navy" face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial; color: navy;">So why bother? Make ALL user sessions SSL,
and leave plain http only for public part of web site.</span></font></p>

<p><font color="navy" face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial; color: navy;">&nbsp;</span></font></p>

<div>

<div style="text-align: center;" align="center"><font face="Times New Roman" size="3"><span style="font-size: 12pt;">

<hr align="center" size="2" width="100%">

</span></font></div>

<p><b><font face="Tahoma" size="2"><span style="font-size: 10pt; font-family: Tahoma; font-weight: bold;">From:</span></font></b><font face="Tahoma" size="2"><span style="font-size: 10pt; font-family: Tahoma;">
<a href="mailto:tbnl-devel-bounces@common-lisp.net" target="_blank">tbnl-devel-bounces@common-lisp.net</a> [mailto:<a href="mailto:tbnl-devel-bounces@common-lisp.net" target="_blank">tbnl-devel-bounces@common-lisp.net</a>
] <b><span style="font-weight: bold;">On Behalf Of </span></b>Andrea Chiumenti<br>
<b><span style="font-weight: bold;">Sent:</span></b> Friday, January 04, 2008
11:48 AM<br>
<b><span style="font-weight: bold;">To:</span></b> General
 interest list for Hunchentoot and CL-WEBDAV<br>
<b><span style="font-weight: bold;">Subject:</span></b> Re: [hunchentoot-devel]
session shearing question</span></font></p>

</div><div><div></div><div class="Wj3C7c">

<p><font face="Times New Roman" size="3"><span style="font-size: 12pt;">&nbsp;</span></font></p>

<p style="margin-bottom: 12pt;"><font face="Times New Roman" size="3"><span style="font-size: 12pt;">Thanks, yes you
understood me correctly.</span></font></p>

<div>

<p><font face="Times New Roman" size="3"><span style="font-size: 12pt;">On Jan 4, 2008 8:43 PM, Sohail Somani &lt;<a href="mailto:sohail@taggedtype.net" target="_blank">sohail@taggedtype.net</a>&gt; wrote:</span></font></p>


<div>

<div>

<p><font face="Times New Roman" size="3"><span style="font-size: 12pt;">On Fri, 04 Jan 2008 20:38:31 +0100, Andrea Chiumenti wrote:<br>
<br>
&gt; Now that I&#39;ve been able to start hunchentoot in ssl mode, if I start<br>
&gt; another hunchentoot instance handling normal http requests, does <br>
&gt; hunchentoot shares user session between the two instances,if not is<br>
&gt; there a possibility to do it?</span></font></p>

</div>

</div>

<p><font face="Times New Roman" size="3"><span style="font-size: 12pt;">&gt; Now that I&amp;#39;ve been able to start hunchentoot in ssl mode,
if I start</span></font></p>

<div>

<p><font face="Times New Roman" size="3"><span style="font-size: 12pt;">&gt; another hunchentoot instance handling normal http requests, does<br>
&gt; hunchentoot shares user session between the two instances,if not is</span></font></p>

</div>

<p><font face="Times New Roman" size="3"><span style="font-size: 12pt;">&gt; there a possibility to do it? &lt;br&gt;<br>
<br>
If I understand you correctly, I think the only way to do this is to keep <br>
user sessions in an out-of-process server like a database.<br>
<font color="#888888"><span style="color: rgb(136, 136, 136);"><br>
--<br>
Sohail Somani<br>
<a href="http://uint32t.blogspot.com" target="_blank">http://uint32t.blogspot.com</a><br>
<br>
_______________________________________________ <br>
tbnl-devel site list<br>
<a href="mailto:tbnl-devel@common-lisp.net" target="_blank">tbnl-devel@common-lisp.net</a><br>
<a href="http://common-lisp.net/mailman/listinfo/tbnl-devel" target="_blank">http://common-lisp.net/mailman/listinfo/tbnl-devel
</a></span></font></span></font></p>

</div>

<p><font face="Times New Roman" size="3"><span style="font-size: 12pt;">&nbsp;</span></font></p>

</div></div></div>

</div>


<br>_______________________________________________<br>tbnl-devel site list<br><a href="mailto:tbnl-devel@common-lisp.net">tbnl-devel@common-lisp.net</a><br><a href="http://common-lisp.net/mailman/listinfo/tbnl-devel" target="_blank">
http://common-lisp.net/mailman/listinfo/tbnl-devel</a><br></blockquote></div><br>