switching between http and https without cookies possible in ofbiz?????
Locked
switching between http and https without cookies possible in ofbiz?????
 
|
Hi All,
I am not a tech savvy. Please pull me out of this problem. Problem: I am browsing with "Disable Cookies" option for my ofbiz site. When ever, I switch from http to https it is asking me to login. I saw that ofbiz sets JSESSIONID as a cookie in normal browsing(cookie enabled). Q1) Is this problem only in ofbiz or default from tomcat. I am questioning because ofbiz internally uses tomcat instance??. Q2) Is there any solution for switching between http and https other than cookies??? Because, I want my "cookie-disabled customers" to browse successfully on my site to place order??. -- Thanks, Kumaraswamy.N 91-9866805250. |
|
|
Kumaraswamy,
If you disbable the cookies every URL must have a jsession id. This works fine OOTB when switching one protocol to another and jsessionid is appended to the URL. Your's is custom code or you are using OOTB? Thanks, Raj Kumaraswamy nandipati wrote: > Hi All, > > I am not a tech savvy. Please pull me out of this problem. > > Problem: I am browsing with "Disable Cookies" option for my ofbiz site. When > ever, I switch from http to https it is asking me to login. I saw that ofbiz > sets JSESSIONID as a cookie in normal browsing(cookie enabled). > > Q1) Is this problem only in ofbiz or default from tomcat. I am questioning > because ofbiz internally uses tomcat instance??. > > Q2) Is there any solution for switching between http and https other than > cookies??? Because, I want my "cookie-disabled customers" to browse > successfully on my site to place order??. > > > > > > |
RE: switching between http and https without cookies possible in ofbiz?????
|
|
Hi All,
Even i am facing this same problem of logging out in my ofbiz application when moving. Your help is appreciated. Regards Hemanth ________________________________________ From: Raj Saini [[hidden email]] Sent: 07 November 2009 20:37 To: [hidden email] Subject: Re: switching between http and https without cookies possible in ofbiz????? Kumaraswamy, If you disbable the cookies every URL must have a jsession id. This works fine OOTB when switching one protocol to another and jsessionid is appended to the URL. Your's is custom code or you are using OOTB? Thanks, Raj Kumaraswamy nandipati wrote: > Hi All, > > I am not a tech savvy. Please pull me out of this problem. > > Problem: I am browsing with "Disable Cookies" option for my ofbiz site. When > ever, I switch from http to https it is asking me to login. I saw that ofbiz > sets JSESSIONID as a cookie in normal browsing(cookie enabled). > > Q1) Is this problem only in ofbiz or default from tomcat. I am questioning > because ofbiz internally uses tomcat instance??. > > Q2) Is there any solution for switching between http and https other than > cookies??? Because, I want my "cookie-disabled customers" to browse > successfully on my site to place order??. > > > > > > http://www.mindtree.com/email/disclaimer.html |
|
|
Hi Hemanth,
Can you explain a bit more please? What do you mean "when moving". Thanks, Raj Hemanth Kumar Kanamarlapudi wrote: > Hi All, > > Even i am facing this same problem of logging out in my ofbiz application when moving. Your help is appreciated. > > Regards > Hemanth > > ________________________________________ > From: Raj Saini [[hidden email]] > Sent: 07 November 2009 20:37 > To: [hidden email] > Subject: Re: switching between http and https without cookies possible in ofbiz????? > > Kumaraswamy, > > If you disbable the cookies every URL must have a jsession id. This > works fine OOTB when switching one protocol to another and jsessionid is > appended to the URL. Your's is custom code or you are using OOTB? > > Thanks, > > Raj > > Kumaraswamy nandipati wrote: > >> Hi All, >> >> I am not a tech savvy. Please pull me out of this problem. >> >> Problem: I am browsing with "Disable Cookies" option for my ofbiz site. When >> ever, I switch from http to https it is asking me to login. I saw that ofbiz >> sets JSESSIONID as a cookie in normal browsing(cookie enabled). >> >> Q1) Is this problem only in ofbiz or default from tomcat. I am questioning >> because ofbiz internally uses tomcat instance??. >> >> Q2) Is there any solution for switching between http and https other than >> cookies??? Because, I want my "cookie-disabled customers" to browse >> successfully on my site to place order??. >> >> >> >> >> >> >> > > http://www.mindtree.com/email/disclaimer.html > > |
Re: switching between http and https without cookies possible in ofbiz?????
|
|
Thanks Raj.
Explaining a bit more about my problem. I am trying to launch mobile version of my store(developed on ofbiz). Most of mobiles won't support cookies. So, I want to implement my storefront without cookies. As your suggestion OOTB, appending JSESSIONID with every URL is lil bit unsecure. Because, MITM attack chances will be more with this. *Is there any other solution for switching between http and https smoothly once(first time) logged in without using cookies????*. On Sat, Nov 7, 2009 at 10:17 PM, Raj Saini <[hidden email]> wrote: > Hi Hemanth, > > Can you explain a bit more please? What do you mean "when moving". > > Thanks, > > Raj > > > Hemanth Kumar Kanamarlapudi wrote: > >> Hi All, >> >> Even i am facing this same problem of logging out in my ofbiz application >> when moving. Your help is appreciated. >> >> Regards >> Hemanth >> >> ________________________________________ >> From: Raj Saini [[hidden email]] >> Sent: 07 November 2009 20:37 >> To: [hidden email] >> Subject: Re: switching between http and https without cookies possible in >> ofbiz????? >> >> Kumaraswamy, >> >> If you disbable the cookies every URL must have a jsession id. This >> works fine OOTB when switching one protocol to another and jsessionid is >> appended to the URL. Your's is custom code or you are using OOTB? >> >> Thanks, >> >> Raj >> >> Kumaraswamy nandipati wrote: >> >> >>> Hi All, >>> >>> I am not a tech savvy. Please pull me out of this problem. >>> >>> Problem: I am browsing with "Disable Cookies" option for my ofbiz site. >>> When >>> ever, I switch from http to https it is asking me to login. I saw that >>> ofbiz >>> sets JSESSIONID as a cookie in normal browsing(cookie enabled). >>> >>> Q1) Is this problem only in ofbiz or default from tomcat. I am >>> questioning >>> because ofbiz internally uses tomcat instance??. >>> >>> Q2) Is there any solution for switching between http and https other than >>> cookies??? Because, I want my "cookie-disabled customers" to browse >>> successfully on my site to place order??. >>> >>> >>> >>> >>> >>> >>> >>> >> >> http://www.mindtree.com/email/disclaimer.html >> >> >> > > -- Thanks, Kumaraswamy.N 91-9866805250. |
Re: switching between http and https without cookies possible in ofbiz?????
|
|
Thanks Raj.
I am re-writing my mail. Please ignore my previous mail. Explaining a bit more about my problem. I am trying to launch mobile version of my store(developed on ofbiz). Most of mobiles won't support cookies. So, I want to implement my storefront without cookies. As your suggestion OOTB, appending JSESSIONID with every URL is lil bit unsecure. Because, MITM attack chances will be more with this. *Is there any other solution for switching between http and https smoothly once(first time into https) logged in @ cookies disabled by customer??????* * * *Is this problem in ofbiz or already in tomcat also??* * * *. * On Sun, Nov 8, 2009 at 11:54 AM, Kumaraswamy nandipati < [hidden email]> wrote: > Thanks Raj. > > Explaining a bit more about my problem. I am trying to launch mobile > version of my store(developed on ofbiz). Most of mobiles won't support > cookies. So, I want to implement my storefront without cookies. As your > suggestion OOTB, appending JSESSIONID with every URL is lil bit unsecure. > Because, MITM attack chances will be more with this. > > > *Is there any other solution for switching between http and https smoothly > once(first time) logged in without using cookies????*. > > > > On Sat, Nov 7, 2009 at 10:17 PM, Raj Saini <[hidden email]> wrote: > >> Hi Hemanth, >> >> Can you explain a bit more please? What do you mean "when moving". >> >> Thanks, >> >> Raj >> >> >> Hemanth Kumar Kanamarlapudi wrote: >> >>> Hi All, >>> >>> Even i am facing this same problem of logging out in my ofbiz application >>> when moving. Your help is appreciated. >>> >>> Regards >>> Hemanth >>> >>> ________________________________________ >>> From: Raj Saini [[hidden email]] >>> Sent: 07 November 2009 20:37 >>> To: [hidden email] >>> Subject: Re: switching between http and https without cookies possible in >>> ofbiz????? >>> >>> Kumaraswamy, >>> >>> If you disbable the cookies every URL must have a jsession id. This >>> works fine OOTB when switching one protocol to another and jsessionid is >>> appended to the URL. Your's is custom code or you are using OOTB? >>> >>> Thanks, >>> >>> Raj >>> >>> Kumaraswamy nandipati wrote: >>> >>> >>>> Hi All, >>>> >>>> I am not a tech savvy. Please pull me out of this problem. >>>> >>>> Problem: I am browsing with "Disable Cookies" option for my ofbiz site. >>>> When >>>> ever, I switch from http to https it is asking me to login. I saw that >>>> ofbiz >>>> sets JSESSIONID as a cookie in normal browsing(cookie enabled). >>>> >>>> Q1) Is this problem only in ofbiz or default from tomcat. I am >>>> questioning >>>> because ofbiz internally uses tomcat instance??. >>>> >>>> Q2) Is there any solution for switching between http and https other >>>> than >>>> cookies??? Because, I want my "cookie-disabled customers" to browse >>>> successfully on my site to place order??. >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>> >>> http://www.mindtree.com/email/disclaimer.html >>> >>> >>> >> >> > > > -- > Thanks, > Kumaraswamy.N > 91-9866805250. > -- Thanks, Kumaraswamy.N 91-9866805250. |
|
|
Hi Kumaraswamy,
Only other way I see is hidden form variable. Instead appending the jsession id to URL send it as hidden form variable. I think you will need to make all your requests POST requests. Thanks, Raj Kumaraswamy nandipati wrote: > Thanks Raj. > > I am re-writing my mail. Please ignore my previous mail. > > Explaining a bit more about my problem. I am trying to launch mobile version > of my store(developed on ofbiz). Most of mobiles won't support cookies. So, > I want to implement my storefront without cookies. As your suggestion OOTB, > appending JSESSIONID with every URL is lil bit unsecure. Because, MITM > attack chances will be more with this. > > > *Is there any other solution for switching between http and https smoothly > once(first time into https) logged in @ cookies disabled by customer??????* > * > * > *Is this problem in ofbiz or already in tomcat also??* > * * > *. * > On Sun, Nov 8, 2009 at 11:54 AM, Kumaraswamy nandipati < > [hidden email]> wrote: > > >> Thanks Raj. >> >> Explaining a bit more about my problem. I am trying to launch mobile >> version of my store(developed on ofbiz). Most of mobiles won't support >> cookies. So, I want to implement my storefront without cookies. As your >> suggestion OOTB, appending JSESSIONID with every URL is lil bit unsecure. >> Because, MITM attack chances will be more with this. >> >> >> *Is there any other solution for switching between http and https smoothly >> once(first time) logged in without using cookies????*. >> >> >> >> On Sat, Nov 7, 2009 at 10:17 PM, Raj Saini <[hidden email]> wrote: >> >> >>> Hi Hemanth, >>> >>> Can you explain a bit more please? What do you mean "when moving". >>> >>> Thanks, >>> >>> Raj >>> >>> >>> Hemanth Kumar Kanamarlapudi wrote: >>> >>> >>>> Hi All, >>>> >>>> Even i am facing this same problem of logging out in my ofbiz application >>>> when moving. Your help is appreciated. >>>> >>>> Regards >>>> Hemanth >>>> >>>> ________________________________________ >>>> From: Raj Saini [[hidden email]] >>>> Sent: 07 November 2009 20:37 >>>> To: [hidden email] >>>> Subject: Re: switching between http and https without cookies possible in >>>> ofbiz????? >>>> >>>> Kumaraswamy, >>>> >>>> If you disbable the cookies every URL must have a jsession id. This >>>> works fine OOTB when switching one protocol to another and jsessionid is >>>> appended to the URL. Your's is custom code or you are using OOTB? >>>> >>>> Thanks, >>>> >>>> Raj >>>> >>>> Kumaraswamy nandipati wrote: >>>> >>>> >>>> >>>>> Hi All, >>>>> >>>>> I am not a tech savvy. Please pull me out of this problem. >>>>> >>>>> Problem: I am browsing with "Disable Cookies" option for my ofbiz site. >>>>> When >>>>> ever, I switch from http to https it is asking me to login. I saw that >>>>> ofbiz >>>>> sets JSESSIONID as a cookie in normal browsing(cookie enabled). >>>>> >>>>> Q1) Is this problem only in ofbiz or default from tomcat. I am >>>>> questioning >>>>> because ofbiz internally uses tomcat instance??. >>>>> >>>>> Q2) Is there any solution for switching between http and https other >>>>> than >>>>> cookies??? Because, I want my "cookie-disabled customers" to browse >>>>> successfully on my site to place order??. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>> http://www.mindtree.com/email/disclaimer.html >>>> >>>> >>>> >>>> >>> >> -- >> Thanks, >> Kumaraswamy.N >> 91-9866805250. >> >> > > > > |
RE: switching between http and https without cookies possible in ofbiz?????
|
|
In reply to this post by rajsaini
Hi Raj,
This is mainly because of switching between http and https. We are transferring our control to third party paypal site for payment and on return of that we are transferring to another https page and there we are getting logging out. This behavior is not regular, some times logging out and some times not. Is it due to SSL certificate? Regards Hemanth -----Original Message----- From: Raj Saini [mailto:[hidden email]] Sent: Saturday, November 07, 2009 10:17 PM To: [hidden email] Subject: Re: switching between http and https without cookies possible in ofbiz????? Hi Hemanth, Can you explain a bit more please? What do you mean "when moving". Thanks, Raj Hemanth Kumar Kanamarlapudi wrote: > Hi All, > > Even i am facing this same problem of logging out in my ofbiz application when moving. Your help is appreciated. > > Regards > Hemanth > > ________________________________________ > From: Raj Saini [[hidden email]] > Sent: 07 November 2009 20:37 > To: [hidden email] > Subject: Re: switching between http and https without cookies possible in ofbiz????? > > Kumaraswamy, > > If you disbable the cookies every URL must have a jsession id. This > works fine OOTB when switching one protocol to another and jsessionid is > appended to the URL. Your's is custom code or you are using OOTB? > > Thanks, > > Raj > > Kumaraswamy nandipati wrote: > >> Hi All, >> >> I am not a tech savvy. Please pull me out of this problem. >> >> Problem: I am browsing with "Disable Cookies" option for my ofbiz site. When >> ever, I switch from http to https it is asking me to login. I saw that ofbiz >> sets JSESSIONID as a cookie in normal browsing(cookie enabled). >> >> Q1) Is this problem only in ofbiz or default from tomcat. I am questioning >> because ofbiz internally uses tomcat instance??. >> >> Q2) Is there any solution for switching between http and https other than >> cookies??? Because, I want my "cookie-disabled customers" to browse >> successfully on my site to place order??. >> >> >> >> >> >> >> > > http://www.mindtree.com/email/disclaimer.html > > |
|
|
I do not think it is due to SSL certificate. You are logged out because
a new session is created as session id is not carried forward when you are redirected from Paypal. Solution I see is to pass the session id to your call back URL. So when paypal calls back there should be session id in the request. Yes, session id will be part of the query. Thanks, Raj Hemanth Kumar Kanamarlapudi wrote: > Hi Raj, > > This is mainly because of switching between http and https. > We are transferring our control to third party paypal site for payment and on return of that we are transferring to another https page and there we are getting logging out. This behavior is not regular, some times logging out and some times not. Is it due to SSL certificate? > Regards > Hemanth > > > -----Original Message----- > From: Raj Saini [mailto:[hidden email]] > Sent: Saturday, November 07, 2009 10:17 PM > To: [hidden email] > Subject: Re: switching between http and https without cookies possible in ofbiz????? > > Hi Hemanth, > > Can you explain a bit more please? What do you mean "when moving". > > Thanks, > > Raj > > Hemanth Kumar Kanamarlapudi wrote: > >> Hi All, >> >> Even i am facing this same problem of logging out in my ofbiz application when moving. Your help is appreciated. >> >> Regards >> Hemanth >> >> ________________________________________ >> From: Raj Saini [[hidden email]] >> Sent: 07 November 2009 20:37 >> To: [hidden email] >> Subject: Re: switching between http and https without cookies possible in ofbiz????? >> >> Kumaraswamy, >> >> If you disbable the cookies every URL must have a jsession id. This >> works fine OOTB when switching one protocol to another and jsessionid is >> appended to the URL. Your's is custom code or you are using OOTB? >> >> Thanks, >> >> Raj >> >> Kumaraswamy nandipati wrote: >> >> >>> Hi All, >>> >>> I am not a tech savvy. Please pull me out of this problem. >>> >>> Problem: I am browsing with "Disable Cookies" option for my ofbiz site. When >>> ever, I switch from http to https it is asking me to login. I saw that ofbiz >>> sets JSESSIONID as a cookie in normal browsing(cookie enabled). >>> >>> Q1) Is this problem only in ofbiz or default from tomcat. I am questioning >>> because ofbiz internally uses tomcat instance??. >>> >>> Q2) Is there any solution for switching between http and https other than >>> cookies??? Because, I want my "cookie-disabled customers" to browse >>> successfully on my site to place order??. >>> >>> >>> >>> >>> >>> >>> >>> >> http://www.mindtree.com/email/disclaimer.html >> >> >> > > > |
Re: switching between http and https without cookies possible in ofbiz?????
|
|
Hi Raj,
By URL rewriting for https links solving my problem. I am able achieve this by using pre-defined class *OfbizUrlTransform*(not yet practiced with this. My Research seems it fits). Thanks one and all for your suggestions. On Mon, Nov 9, 2009 at 12:06 PM, Raj Saini <[hidden email]> wrote: > I do not think it is due to SSL certificate. You are logged out because a > new session is created as session id is not carried forward when you are > redirected from Paypal. Solution I see is to pass the session id to your > call back URL. So when paypal calls back there should be session id in the > request. Yes, session id will be part of the query. > > > Thanks, > > Raj > > Hemanth Kumar Kanamarlapudi wrote: > >> Hi Raj, >> >> This is mainly because of switching between http and https. >> We are transferring our control to third party paypal site for payment and >> on return of that we are transferring to another https page and there we are >> getting logging out. This behavior is not regular, some times logging out >> and some times not. Is it due to SSL certificate? >> Regards >> Hemanth >> >> >> -----Original Message----- >> From: Raj Saini [mailto:[hidden email]] >> Sent: Saturday, November 07, 2009 10:17 PM >> To: [hidden email] >> Subject: Re: switching between http and https without cookies possible in >> ofbiz????? >> >> Hi Hemanth, >> >> Can you explain a bit more please? What do you mean "when moving". >> >> Thanks, >> >> Raj >> >> Hemanth Kumar Kanamarlapudi wrote: >> >> >>> Hi All, >>> >>> Even i am facing this same problem of logging out in my ofbiz application >>> when moving. Your help is appreciated. >>> >>> Regards >>> Hemanth >>> >>> ________________________________________ >>> From: Raj Saini [[hidden email]] >>> Sent: 07 November 2009 20:37 >>> To: [hidden email] >>> Subject: Re: switching between http and https without cookies possible in >>> ofbiz????? >>> >>> Kumaraswamy, >>> >>> If you disbable the cookies every URL must have a jsession id. This >>> works fine OOTB when switching one protocol to another and jsessionid is >>> appended to the URL. Your's is custom code or you are using OOTB? >>> >>> Thanks, >>> >>> Raj >>> >>> Kumaraswamy nandipati wrote: >>> >>> >>> >>>> Hi All, >>>> >>>> I am not a tech savvy. Please pull me out of this problem. >>>> >>>> Problem: I am browsing with "Disable Cookies" option for my ofbiz site. >>>> When >>>> ever, I switch from http to https it is asking me to login. I saw that >>>> ofbiz >>>> sets JSESSIONID as a cookie in normal browsing(cookie enabled). >>>> >>>> Q1) Is this problem only in ofbiz or default from tomcat. I am >>>> questioning >>>> because ofbiz internally uses tomcat instance??. >>>> >>>> Q2) Is there any solution for switching between http and https other >>>> than >>>> cookies??? Because, I want my "cookie-disabled customers" to browse >>>> successfully on my site to place order??. >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>> http://www.mindtree.com/email/disclaimer.html >>> >>> >>> >>> >> >> >> >> > > -- Thanks, Kumaraswamy.N 91-9866805250. |
«
Return to OFBiz - User
|
1 view|%1 views
| Free forum by Nabble | Edit this page |