Why do you need to mix in one session http and https?
Browsers do not support it. For example IE gives nasty popup warning every time you mix plain and ssl html in one page.
So why bother? Make ALL user sessions SSL, and leave plain http only for public part of web site.
_____
From: tbnl-devel-bounces@common-lisp.net [mailto:tbnl-devel-bounces@common-lisp.net] On Behalf Of Andrea Chiumenti Sent: Friday, January 04, 2008 11:48 AM To: General interest list for Hunchentoot and CL-WEBDAV Subject: Re: [hunchentoot-devel] session shearing question
Thanks, yes you understood me correctly.
On Jan 4, 2008 8:43 PM, Sohail Somani sohail@taggedtype.net wrote:
On Fri, 04 Jan 2008 20:38:31 +0100, Andrea Chiumenti wrote:
Now that I've been able to start hunchentoot in ssl mode, if I start another hunchentoot instance handling normal http requests, does hunchentoot shares user session between the two instances,if not is there a possibility to do it?
Now that I've been able to start hunchentoot in ssl mode, if I start
another hunchentoot instance handling normal http requests, does hunchentoot shares user session between the two instances,if not is
there a possibility to do it? <br>
If I understand you correctly, I think the only way to do this is to keep user sessions in an out-of-process server like a database.
-- Sohail Somani http://uint32t.blogspot.com
_______________________________________________ tbnl-devel site list tbnl-devel@common-lisp.net http://common-lisp.net/mailman/listinfo/tbnl-devel