[hunchentoot-devel] session shearing question

Andrea Chiumenti kiuma72 at gmail.com
Fri Jan 4 21:11:05 UTC 2008


Suppose you have a web application:
When a user accesses it, the application will create a session for this
user (not yet logged in).
Now suppose he does something that needs to be stored in the session, for
example filling a cart in an e-commerce
application.
Now he needs to check out his cart, but he must log in to this e-commerce
site/application, so he will be redirected to an encrypted connection, but
the session, holding the cart, must not be lost.
This makes me think that I have to share a session (object/service) between
a pair of hunchentoot instances.

On Jan 4, 2008 8:52 PM, Vagif Verdi <vagif at cox.net> wrote:

> Why do you need to mix in one session http and https?
>
> Browsers do not support it. For example, IE gives a nasty popup warning every
> time you mix plain and ssl html in one page.
>
> So why bother? Make ALL user sessions SSL, and leave plain http only for
> public part of web site.
>
>
>  ------------------------------
>
> *From:* tbnl-devel-bounces at common-lisp.net [mailto:
> tbnl-devel-bounces at common-lisp.net] *On Behalf Of *Andrea Chiumenti
> *Sent:* Friday, January 04, 2008 11:48 AM
> *To:* General interest list for Hunchentoot and CL-WEBDAV
> *Subject:* Re: [hunchentoot-devel] session shearing question
>
>
>
> Thanks, yes you understood me correctly.
>
> On Jan 4, 2008 8:43 PM, Sohail Somani <sohail at taggedtype.net> wrote:
>
> On Fri, 04 Jan 2008 20:38:31 +0100, Andrea Chiumenti wrote:
>
> > Now that I've been able to start hunchentoot in ssl mode, if I start
> > another hunchentoot instance handling normal http requests, does
> > hunchentoot share user sessions between the two instances? If not, is
> > there a possibility to do it?
>
> If I understand you correctly, I think the only way to do this is to keep
> user sessions in an out-of-process server like a database.
>
> --
> Sohail Somani
> http://uint32t.blogspot.com
>
> _______________________________________________
> tbnl-devel site list
> tbnl-devel at common-lisp.net
> http://common-lisp.net/mailman/listinfo/tbnl-devel
>
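
The out-of-process session store suggested in this thread, sketched as an added example (not code from any poster and not Hunchentoot's API): both listeners read one session table, and login on the HTTPS side moves the cart to a fresh session id so the id that travelled over plain HTTP stops working. The table layout, function names and sample cart are assumptions made for illustration, and SQLite stands in for the database.

```python
import json
import secrets
import sqlite3


class SharedSessionStore:
    """Session table that both listeners open (stand-in for the database)."""

    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS sessions "
            "(sid TEXT PRIMARY KEY, user TEXT, data TEXT NOT NULL)")

    def create(self, data, user=None):
        sid = secrets.token_urlsafe(32)  # unguessable id, never taken from input
        with self.db:                    # commits on success
            self.db.execute("INSERT INTO sessions VALUES (?, ?, ?)",
                            (sid, user, json.dumps(data)))
        return sid

    def load(self, sid):
        row = self.db.execute(
            "SELECT user, data FROM sessions WHERE sid = ?", (sid,)).fetchone()
        return None if row is None else {"user": row[0], "data": json.loads(row[1])}

    def login(self, anon_sid, user):
        """Move the anonymous cart to a fresh id; the id seen over HTTP is retired."""
        old = self.load(anon_sid)
        # Only carry data over from a session that really was anonymous.
        data = old["data"] if old and old["user"] is None else {}
        with self.db:
            self.db.execute("DELETE FROM sessions WHERE sid = ?", (anon_sid,))
        return self.create(data, user)


def cookie_header(sid, secure):
    """The HTTPS listener sets Secure so its cookie is never sent in clear text."""
    return f"Set-Cookie: sid={sid}; Path=/; HttpOnly" + ("; Secure" if secure else "")


def demo():
    store = SharedSessionStore()               # sample values below are constructed
    anon = store.create({"cart": ["book-1"]})  # issued by the plain-HTTP listener
    auth = store.login(anon, "alice")          # issued by the HTTPS listener
    return store, anon, auth
```

With a file path or a real database in place of `:memory:`, two separate server processes can open the same table.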