Try logging in using your web browser and inspect cookies -- you'll
see that the cookies pertain to the domain, and that https and http
are two distinct domains.
On Feb 21, 2008, at 9:28 AM, Adam Douglas wrote:
> Hi Bill. BTW, thanks for all the help you have provide much
>> When redirecting to another domain you need to provide a
>> means for the session to be continued. For example, a unique
>> identifier (i.e, the session cookie) could be appended to the
>> query string. The server to which the user is redirected
>> uses the uid to re-establish session cookies. Of course your
>> application server must allow you to use the same session
>> identifier with different domains.
> Okay I may have confused you here but there is no redirect to another
> domain. The client logs in by going to
> http://blowfish.venmarces.com/login/. If authentication is successful
> the authenticated client is redirected to
> https://blowfish.venmarces.com/ (the homepage) else if the
> authentication fails the login page is displayed with applicable error
> messages. Normally the client would be on SSL the entire time but
> I can get SSL to work with Perl I'm just not using SSL at the login
> page. There is already a process in place that maintains the session
> using PHP sessions. The sessions are maintained from the server to the
> client's cookie. This process works perfectly outside of using Swish-e
> and is in use on a production server as well.
> Oh no way, just after typing the above I think I may have an idea
> of the
> problem. The redirect from /login/ to / is using SSL. SSL is not
> with Perl at the moment. I wish I knew how to make SSL work with Perl.
> Bingo this is the problem. I remove all references to using SSL and it
> appears to be working I think. Can you take a look to see if it
> to be working correctly,
>> Is spider.pl configured to know that the server to which you
>> are redirecting is the 'same' as the original. If not, the
>> spider will interpret the redirected page as an 'off-site
>> link' and halt.
> Mmm... well in this case I'm not leaving the domain that the
> authentication occurs on just changing the path from /login/ to /.
> This message (including any attachments) is intended only for the
> use of the individual or entity to which it is addressed and may
> contain information that is non-public, proprietary,privileged,
> confidential, and exempt from disclosure under applicable law or
> may constitute as attorney work product. If you are not the
> intended recipient, you are hereby notified that any use,
> dissemination, distribution, or copying of this communication is
> strictly prohibited. If you have received this communication in
> error, notify us immediately by telephone and
> (i) destroy this message if a facsimile or (ii) delete this message
> immediately if this is an electronic communication. Thank you.
Users mailing list
Received on Thu Feb 21 12:35:29 2008