Maintaining a session between HTTP and HTTPS

  • Thread starter Robert Mark Bram
  • Start date
R

Robert Mark Bram

Hi All,

1) In a web app, is it standard to use HTTPS only for those pages that
are transmitting data you want to encrypt (e.g. user name and
password) and use HTTP for everything else?

2) If you do this, are there any issues with sharing the session? I.e.
can my JSPs hit through HTTPS still access the same session variables
created and modified by my JSPs hit through HTTP?

Thanks for any advice!

Rob
:)
 
P

Pushkaraj

1. Protocol to use depends on sensitivity of your data, we use HTTPS
for this, and for normal data prefer HTTP as it is fast and puts less
overhead on Server/Client.

2. I am not sure about your environment, if you as using J2EE
webcontainer for deploying the application, then webcontainer manages
your session, independent of you use HTTPS or HTTP protocol.

Hope this answers your questions,

Pushkaraj
 
L

Lew

Pushkaraj said:
1. Protocol to use depends on sensitivity of your data, we use HTTPS
for this, and for normal data prefer HTTP as it is fast and puts less
overhead on Server/Client.

2. I am not sure about your environment, if you as using J2EE
webcontainer for deploying the application, then webcontainer manages
your session, independent of you use HTTPS or HTTP protocol.
Click to expand...

The information is correct, but please do not top-post.
 
R

Robert Mark Bram

Hi Pushkaraj,
1. Protocol to use depends on sensitivity of your data, we use HTTPS
for this, and for normal data prefer HTTP as it is fast and puts less
overhead on Server/Client.

2. I am not sure about your environment, if you as using J2EE
webcontainer for deploying the application, then webcontainer manages
your session, independent of you use HTTPS or HTTP protocol.

Hope this answers your questions,
Click to expand...

It does - thank you very much!

Rob
:)
 
D

dcest61

Robert said:
Hi Pushkaraj,


It does - thank you very much!

Rob
:)
Click to expand...

I'll just add, depending on your web container, you'll likely have to do
some extra server configuration to ensure that web app information
(including sessions) is shared across HTTP and HTTPS requests. It's usually
not onerous at all.

AHS
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
The distinction between a java applet and an application 1
Apache Tomcat https link goes down but http works 1
switching between https and http 0
How to upload a compressed file (.gz) to the swift object storage using the Python swift client? 1
http to https redirect 4
Mixing HTTP and HTTPS? 0
Menu issues - please help me 0

Members online

Total: 60 (members: 1, guests: 59)
Robots: 476

Forum statistics

Threads
473,995
Messages
2,570,226
Members
46,815
Latest member
treekmostly22

Latest Threads

Top