[hunchentoot-devel] session shearing question
Vagif Verdi
vagif at cox.net
Fri Jan 4 19:52:55 UTC 2008
Why do you need to mix in one session http and https?
Browsers do not support it. For example IE gives nasty popup warning every
time you mix plain and ssl html in one page.
So why bother? Make ALL user sessions SSL, and leave plain http only for
public part of web site.
_____
From: tbnl-devel-bounces at common-lisp.net
[mailto:tbnl-devel-bounces at common-lisp.net] On Behalf Of Andrea Chiumenti
Sent: Friday, January 04, 2008 11:48 AM
To: General interest list for Hunchentoot and CL-WEBDAV
Subject: Re: [hunchentoot-devel] session shearing question
Thanks, yes you understood me correctly.
On Jan 4, 2008 8:43 PM, Sohail Somani <sohail at taggedtype.net> wrote:
On Fri, 04 Jan 2008 20:38:31 +0100, Andrea Chiumenti wrote:
> Now that I've been able to start hunchentoot in ssl mode, if I start
> another hunchentoot instance handling normal http requests, does
> hunchentoot shares user session between the two instances,if not is
> there a possibility to do it?
> Now that I've been able to start hunchentoot in ssl mode, if I start
> another hunchentoot instance handling normal http requests, does
> hunchentoot shares user session between the two instances,if not is
> there a possibility to do it? <br>
If I understand you correctly, I think the only way to do this is to keep
user sessions in an out-of-process server like a database.
--
Sohail Somani
http://uint32t.blogspot.com
_______________________________________________
tbnl-devel site list
tbnl-devel at common-lisp.net
http://common-lisp.net/mailman/listinfo/tbnl-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.common-lisp.net/pipermail/tbnl-devel/attachments/20080104/50b2b70d/attachment.html>
More information about the Tbnl-devel
mailing list