Is there a difference in how Zope handles session data (i.e. anything stored within the SESSION attribute of the REQUEST object) when it is running with and without SSL? For some reason, when I access Zope securely (i.e. https://...) my session data is not retained as I access different pages of my application. This does not happen when I use http://... to access Zope. I was able to determine this by using <dtml-var "REQUEST.SESSION"> in my DTML documents. Any help would be greatly appreciated. Thanks. - Asad
Asad Habib wrote at 2004-9-3 13:04 -0400:
Is there a difference in how Zope handles session data (i.e. anything stored within the SESSION attribute of the REQUEST object) when it is running with and without SSL? For some reason, when I access Zope securely (i.e. https://...) my session data is not retained as I access different pages of my application.
Apparently, your browser does not deliver the same cookies for http/https. We encode the session id into the URL (and therefore are independent of cookies). -- Dieter
participants (2)
-
Asad Habib -
Dieter Maurer