OFBiz › OFBiz - User

switching between http and https without cookies possible in ofbiz?????

10 messages Options
Embed this post
Permalink
Kumaraswamy nandipati

switching between http and https without cookies possible in ofbiz?????

Reply Threaded More More options
Print post
Permalink
Hi All,

I am not a tech savvy. Please pull me out of this problem.

Problem: I am browsing with "Disable Cookies" option for my ofbiz site. When
ever, I switch from http to https it is asking me to login. I saw that ofbiz
sets JSESSIONID as a cookie in normal browsing(cookie enabled).

Q1) Is this problem only in ofbiz or default from tomcat. I am questioning
because ofbiz internally uses tomcat instance??.

Q2) Is there any solution for switching between http and https other than
cookies???  Because, I want my "cookie-disabled customers" to browse
successfully on my site to place order??.





--
Thanks,
Kumaraswamy.N
91-9866805250.
Raj Saini

Re: switching between http and https without cookies possible in ofbiz?????

Reply Threaded More More options
Print post
Permalink
Kumaraswamy,

If you disbable the cookies every URL must have a jsession id. This
works fine OOTB when switching one protocol to another and jsessionid is
appended to the URL. Your's is custom code or you are using OOTB?

Thanks,

Raj

Kumaraswamy nandipati wrote:

> Hi All,
>
> I am not a tech savvy. Please pull me out of this problem.
>
> Problem: I am browsing with "Disable Cookies" option for my ofbiz site. When
> ever, I switch from http to https it is asking me to login. I saw that ofbiz
> sets JSESSIONID as a cookie in normal browsing(cookie enabled).
>
> Q1) Is this problem only in ofbiz or default from tomcat. I am questioning
> because ofbiz internally uses tomcat instance??.
>
> Q2) Is there any solution for switching between http and https other than
> cookies???  Because, I want my "cookie-disabled customers" to browse
> successfully on my site to place order??.
>
>
>
>
>
>  

Hemanth Kumar Kanamarlapudi

RE: switching between http and https without cookies possible in ofbiz?????

Reply Threaded More More options
Print post
Permalink
Hi All,

Even i am facing this same problem of logging out in my ofbiz application when moving. Your help is appreciated.

Regards
Hemanth

________________________________________
From: Raj Saini [[hidden email]]
Sent: 07 November 2009 20:37
To: [hidden email]
Subject: Re: switching between http and https without cookies possible in       ofbiz?????

Kumaraswamy,

If you disbable the cookies every URL must have a jsession id. This
works fine OOTB when switching one protocol to another and jsessionid is
appended to the URL. Your's is custom code or you are using OOTB?

Thanks,

Raj

Kumaraswamy nandipati wrote:

> Hi All,
>
> I am not a tech savvy. Please pull me out of this problem.
>
> Problem: I am browsing with "Disable Cookies" option for my ofbiz site. When
> ever, I switch from http to https it is asking me to login. I saw that ofbiz
> sets JSESSIONID as a cookie in normal browsing(cookie enabled).
>
> Q1) Is this problem only in ofbiz or default from tomcat. I am questioning
> because ofbiz internally uses tomcat instance??.
>
> Q2) Is there any solution for switching between http and https other than
> cookies???  Because, I want my "cookie-disabled customers" to browse
> successfully on my site to place order??.
>
>
>
>
>
>

http://www.mindtree.com/email/disclaimer.html
Raj Saini

Re: switching between http and https without cookies possible in ofbiz?????

Reply Threaded More More options
Print post
Permalink
Hi Hemanth,

Can you explain a bit more please? What do you mean "when moving".

Thanks,

Raj

Hemanth Kumar Kanamarlapudi wrote:

> Hi All,
>
> Even i am facing this same problem of logging out in my ofbiz application when moving. Your help is appreciated.
>
> Regards
> Hemanth
>
> ________________________________________
> From: Raj Saini [[hidden email]]
> Sent: 07 November 2009 20:37
> To: [hidden email]
> Subject: Re: switching between http and https without cookies possible in       ofbiz?????
>
> Kumaraswamy,
>
> If you disbable the cookies every URL must have a jsession id. This
> works fine OOTB when switching one protocol to another and jsessionid is
> appended to the URL. Your's is custom code or you are using OOTB?
>
> Thanks,
>
> Raj
>
> Kumaraswamy nandipati wrote:
>  
>> Hi All,
>>
>> I am not a tech savvy. Please pull me out of this problem.
>>
>> Problem: I am browsing with "Disable Cookies" option for my ofbiz site. When
>> ever, I switch from http to https it is asking me to login. I saw that ofbiz
>> sets JSESSIONID as a cookie in normal browsing(cookie enabled).
>>
>> Q1) Is this problem only in ofbiz or default from tomcat. I am questioning
>> because ofbiz internally uses tomcat instance??.
>>
>> Q2) Is there any solution for switching between http and https other than
>> cookies???  Because, I want my "cookie-disabled customers" to browse
>> successfully on my site to place order??.
>>
>>
>>
>>
>>
>>
>>    
>
> http://www.mindtree.com/email/disclaimer.html
>
>  

Kumaraswamy nandipati

Re: switching between http and https without cookies possible in ofbiz?????

Reply Threaded More More options
Print post
Permalink
Thanks Raj.

Explaining a bit more about my problem. I am trying to launch mobile version
of my store(developed on ofbiz). Most of mobiles won't support cookies. So,
I want to implement my storefront without cookies. As your suggestion OOTB,
appending JSESSIONID with every URL is lil bit unsecure. Because, MITM
attack chances will be more with this.


*Is there any other solution for switching between http and https smoothly
once(first time) logged in without using cookies????*.



On Sat, Nov 7, 2009 at 10:17 PM, Raj Saini <[hidden email]> wrote:

> Hi Hemanth,
>
> Can you explain a bit more please? What do you mean "when moving".
>
> Thanks,
>
> Raj
>
>
> Hemanth Kumar Kanamarlapudi wrote:
>
>> Hi All,
>>
>> Even i am facing this same problem of logging out in my ofbiz application
>> when moving. Your help is appreciated.
>>
>> Regards
>> Hemanth
>>
>> ________________________________________
>> From: Raj Saini [[hidden email]]
>> Sent: 07 November 2009 20:37
>> To: [hidden email]
>> Subject: Re: switching between http and https without cookies possible in
>>       ofbiz?????
>>
>> Kumaraswamy,
>>
>> If you disbable the cookies every URL must have a jsession id. This
>> works fine OOTB when switching one protocol to another and jsessionid is
>> appended to the URL. Your's is custom code or you are using OOTB?
>>
>> Thanks,
>>
>> Raj
>>
>> Kumaraswamy nandipati wrote:
>>
>>
>>> Hi All,
>>>
>>> I am not a tech savvy. Please pull me out of this problem.
>>>
>>> Problem: I am browsing with "Disable Cookies" option for my ofbiz site.
>>> When
>>> ever, I switch from http to https it is asking me to login. I saw that
>>> ofbiz
>>> sets JSESSIONID as a cookie in normal browsing(cookie enabled).
>>>
>>> Q1) Is this problem only in ofbiz or default from tomcat. I am
>>> questioning
>>> because ofbiz internally uses tomcat instance??.
>>>
>>> Q2) Is there any solution for switching between http and https other than
>>> cookies???  Because, I want my "cookie-disabled customers" to browse
>>> successfully on my site to place order??.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>> http://www.mindtree.com/email/disclaimer.html
>>
>>
>>
>
>


--
Thanks,
Kumaraswamy.N
91-9866805250.
Kumaraswamy nandipati

Re: switching between http and https without cookies possible in ofbiz?????

Reply Threaded More More options
Print post
Permalink
Thanks Raj.

I am re-writing my mail. Please ignore my previous mail.

Explaining a bit more about my problem. I am trying to launch mobile version
of my store(developed on ofbiz). Most of mobiles won't support cookies. So,
I want to implement my storefront without cookies. As your suggestion OOTB,
appending JSESSIONID with every URL is lil bit unsecure. Because, MITM
attack chances will be more with this.


*Is there any other solution for switching between http and https smoothly
once(first time into https) logged in @ cookies disabled by customer??????*
*
*
*Is this problem in ofbiz or already in tomcat also??*
* *
*. *
On Sun, Nov 8, 2009 at 11:54 AM, Kumaraswamy nandipati <
[hidden email]> wrote:

> Thanks Raj.
>
> Explaining a bit more about my problem. I am trying to launch mobile
> version of my store(developed on ofbiz). Most of mobiles won't support
> cookies. So, I want to implement my storefront without cookies. As your
> suggestion OOTB, appending JSESSIONID with every URL is lil bit unsecure.
> Because, MITM attack chances will be more with this.
>
>
> *Is there any other solution for switching between http and https smoothly
> once(first time) logged in without using cookies????*.
>
>
>
> On Sat, Nov 7, 2009 at 10:17 PM, Raj Saini <[hidden email]> wrote:
>
>> Hi Hemanth,
>>
>> Can you explain a bit more please? What do you mean "when moving".
>>
>> Thanks,
>>
>> Raj
>>
>>
>> Hemanth Kumar Kanamarlapudi wrote:
>>
>>> Hi All,
>>>
>>> Even i am facing this same problem of logging out in my ofbiz application
>>> when moving. Your help is appreciated.
>>>
>>> Regards
>>> Hemanth
>>>
>>> ________________________________________
>>> From: Raj Saini [[hidden email]]
>>> Sent: 07 November 2009 20:37
>>> To: [hidden email]
>>> Subject: Re: switching between http and https without cookies possible in
>>>       ofbiz?????
>>>
>>> Kumaraswamy,
>>>
>>> If you disbable the cookies every URL must have a jsession id. This
>>> works fine OOTB when switching one protocol to another and jsessionid is
>>> appended to the URL. Your's is custom code or you are using OOTB?
>>>
>>> Thanks,
>>>
>>> Raj
>>>
>>> Kumaraswamy nandipati wrote:
>>>
>>>
>>>> Hi All,
>>>>
>>>> I am not a tech savvy. Please pull me out of this problem.
>>>>
>>>> Problem: I am browsing with "Disable Cookies" option for my ofbiz site.
>>>> When
>>>> ever, I switch from http to https it is asking me to login. I saw that
>>>> ofbiz
>>>> sets JSESSIONID as a cookie in normal browsing(cookie enabled).
>>>>
>>>> Q1) Is this problem only in ofbiz or default from tomcat. I am
>>>> questioning
>>>> because ofbiz internally uses tomcat instance??.
>>>>
>>>> Q2) Is there any solution for switching between http and https other
>>>> than
>>>> cookies???  Because, I want my "cookie-disabled customers" to browse
>>>> successfully on my site to place order??.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>> http://www.mindtree.com/email/disclaimer.html
>>>
>>>
>>>
>>
>>
>
>
> --
> Thanks,
> Kumaraswamy.N
> 91-9866805250.
>



--
Thanks,
Kumaraswamy.N
91-9866805250.
Raj Saini

Re: switching between http and https without cookies possible in ofbiz?????

Reply Threaded More More options
Print post
Permalink
Hi Kumaraswamy,

Only other way I see is  hidden form variable. Instead appending the
jsession id to URL send it as hidden form variable. I think you will
need to make all your requests POST requests.

Thanks,

Raj

Kumaraswamy nandipati wrote:

> Thanks Raj.
>
> I am re-writing my mail. Please ignore my previous mail.
>
> Explaining a bit more about my problem. I am trying to launch mobile version
> of my store(developed on ofbiz). Most of mobiles won't support cookies. So,
> I want to implement my storefront without cookies. As your suggestion OOTB,
> appending JSESSIONID with every URL is lil bit unsecure. Because, MITM
> attack chances will be more with this.
>
>
> *Is there any other solution for switching between http and https smoothly
> once(first time into https) logged in @ cookies disabled by customer??????*
> *
> *
> *Is this problem in ofbiz or already in tomcat also??*
> * *
> *. *
> On Sun, Nov 8, 2009 at 11:54 AM, Kumaraswamy nandipati <
> [hidden email]> wrote:
>
>  
>> Thanks Raj.
>>
>> Explaining a bit more about my problem. I am trying to launch mobile
>> version of my store(developed on ofbiz). Most of mobiles won't support
>> cookies. So, I want to implement my storefront without cookies. As your
>> suggestion OOTB, appending JSESSIONID with every URL is lil bit unsecure.
>> Because, MITM attack chances will be more with this.
>>
>>
>> *Is there any other solution for switching between http and https smoothly
>> once(first time) logged in without using cookies????*.
>>
>>
>>
>> On Sat, Nov 7, 2009 at 10:17 PM, Raj Saini <[hidden email]> wrote:
>>
>>    
>>> Hi Hemanth,
>>>
>>> Can you explain a bit more please? What do you mean "when moving".
>>>
>>> Thanks,
>>>
>>> Raj
>>>
>>>
>>> Hemanth Kumar Kanamarlapudi wrote:
>>>
>>>      
>>>> Hi All,
>>>>
>>>> Even i am facing this same problem of logging out in my ofbiz application
>>>> when moving. Your help is appreciated.
>>>>
>>>> Regards
>>>> Hemanth
>>>>
>>>> ________________________________________
>>>> From: Raj Saini [[hidden email]]
>>>> Sent: 07 November 2009 20:37
>>>> To: [hidden email]
>>>> Subject: Re: switching between http and https without cookies possible in
>>>>       ofbiz?????
>>>>
>>>> Kumaraswamy,
>>>>
>>>> If you disbable the cookies every URL must have a jsession id. This
>>>> works fine OOTB when switching one protocol to another and jsessionid is
>>>> appended to the URL. Your's is custom code or you are using OOTB?
>>>>
>>>> Thanks,
>>>>
>>>> Raj
>>>>
>>>> Kumaraswamy nandipati wrote:
>>>>
>>>>
>>>>        
>>>>> Hi All,
>>>>>
>>>>> I am not a tech savvy. Please pull me out of this problem.
>>>>>
>>>>> Problem: I am browsing with "Disable Cookies" option for my ofbiz site.
>>>>> When
>>>>> ever, I switch from http to https it is asking me to login. I saw that
>>>>> ofbiz
>>>>> sets JSESSIONID as a cookie in normal browsing(cookie enabled).
>>>>>
>>>>> Q1) Is this problem only in ofbiz or default from tomcat. I am
>>>>> questioning
>>>>> because ofbiz internally uses tomcat instance??.
>>>>>
>>>>> Q2) Is there any solution for switching between http and https other
>>>>> than
>>>>> cookies???  Because, I want my "cookie-disabled customers" to browse
>>>>> successfully on my site to place order??.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>          
>>>> http://www.mindtree.com/email/disclaimer.html
>>>>
>>>>
>>>>
>>>>        
>>>      
>> --
>> Thanks,
>> Kumaraswamy.N
>> 91-9866805250.
>>
>>    
>
>
>
>  

Hemanth Kumar Kanamarlapudi

RE: switching between http and https without cookies possible in ofbiz?????

Reply Threaded More More options
Print post
Permalink
In reply to this post by Raj Saini
Hi Raj,

This is mainly because of switching between http and https.
We are transferring our control to third party paypal site for payment and on return of that we are transferring to another https page and there we are getting logging out. This behavior is not regular, some times logging out and some times not. Is it due to SSL certificate?
Regards
Hemanth


-----Original Message-----
From: Raj Saini [mailto:[hidden email]]
Sent: Saturday, November 07, 2009 10:17 PM
To: [hidden email]
Subject: Re: switching between http and https without cookies possible in ofbiz?????

Hi Hemanth,

Can you explain a bit more please? What do you mean "when moving".

Thanks,

Raj

Hemanth Kumar Kanamarlapudi wrote:

> Hi All,
>
> Even i am facing this same problem of logging out in my ofbiz application when moving. Your help is appreciated.
>
> Regards
> Hemanth
>
> ________________________________________
> From: Raj Saini [[hidden email]]
> Sent: 07 November 2009 20:37
> To: [hidden email]
> Subject: Re: switching between http and https without cookies possible in       ofbiz?????
>
> Kumaraswamy,
>
> If you disbable the cookies every URL must have a jsession id. This
> works fine OOTB when switching one protocol to another and jsessionid is
> appended to the URL. Your's is custom code or you are using OOTB?
>
> Thanks,
>
> Raj
>
> Kumaraswamy nandipati wrote:
>
>> Hi All,
>>
>> I am not a tech savvy. Please pull me out of this problem.
>>
>> Problem: I am browsing with "Disable Cookies" option for my ofbiz site. When
>> ever, I switch from http to https it is asking me to login. I saw that ofbiz
>> sets JSESSIONID as a cookie in normal browsing(cookie enabled).
>>
>> Q1) Is this problem only in ofbiz or default from tomcat. I am questioning
>> because ofbiz internally uses tomcat instance??.
>>
>> Q2) Is there any solution for switching between http and https other than
>> cookies???  Because, I want my "cookie-disabled customers" to browse
>> successfully on my site to place order??.
>>
>>
>>
>>
>>
>>
>>
>
> http://www.mindtree.com/email/disclaimer.html
>
>

Raj Saini

Re: switching between http and https without cookies possible in ofbiz?????

Reply Threaded More More options
Print post
Permalink
I do not think it is due to SSL certificate. You are logged out because
a new session is created as session id is not carried forward when you
are redirected from Paypal. Solution I see is to pass the session id to
your call back URL. So when paypal calls back there should be session id
in the request. Yes, session id will be part of the query.

Thanks,

Raj

Hemanth Kumar Kanamarlapudi wrote:

> Hi Raj,
>
> This is mainly because of switching between http and https.
> We are transferring our control to third party paypal site for payment and on return of that we are transferring to another https page and there we are getting logging out. This behavior is not regular, some times logging out and some times not. Is it due to SSL certificate?
> Regards
> Hemanth
>
>
> -----Original Message-----
> From: Raj Saini [mailto:[hidden email]]
> Sent: Saturday, November 07, 2009 10:17 PM
> To: [hidden email]
> Subject: Re: switching between http and https without cookies possible in ofbiz?????
>
> Hi Hemanth,
>
> Can you explain a bit more please? What do you mean "when moving".
>
> Thanks,
>
> Raj
>
> Hemanth Kumar Kanamarlapudi wrote:
>  
>> Hi All,
>>
>> Even i am facing this same problem of logging out in my ofbiz application when moving. Your help is appreciated.
>>
>> Regards
>> Hemanth
>>
>> ________________________________________
>> From: Raj Saini [[hidden email]]
>> Sent: 07 November 2009 20:37
>> To: [hidden email]
>> Subject: Re: switching between http and https without cookies possible in       ofbiz?????
>>
>> Kumaraswamy,
>>
>> If you disbable the cookies every URL must have a jsession id. This
>> works fine OOTB when switching one protocol to another and jsessionid is
>> appended to the URL. Your's is custom code or you are using OOTB?
>>
>> Thanks,
>>
>> Raj
>>
>> Kumaraswamy nandipati wrote:
>>
>>    
>>> Hi All,
>>>
>>> I am not a tech savvy. Please pull me out of this problem.
>>>
>>> Problem: I am browsing with "Disable Cookies" option for my ofbiz site. When
>>> ever, I switch from http to https it is asking me to login. I saw that ofbiz
>>> sets JSESSIONID as a cookie in normal browsing(cookie enabled).
>>>
>>> Q1) Is this problem only in ofbiz or default from tomcat. I am questioning
>>> because ofbiz internally uses tomcat instance??.
>>>
>>> Q2) Is there any solution for switching between http and https other than
>>> cookies???  Because, I want my "cookie-disabled customers" to browse
>>> successfully on my site to place order??.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>      
>> http://www.mindtree.com/email/disclaimer.html
>>
>>
>>    
>
>
>  

Kumaraswamy nandipati

Re: switching between http and https without cookies possible in ofbiz?????

Reply Threaded More More options
Print post
Permalink
Hi Raj,

By URL rewriting for https links solving my problem. I am able achieve this
by using pre-defined class *OfbizUrlTransform*(not yet practiced with this.
My Research seems it fits).

Thanks one and all for your suggestions.


On Mon, Nov 9, 2009 at 12:06 PM, Raj Saini <[hidden email]> wrote:

> I do not think it is due to SSL certificate. You are logged out because a
> new session is created as session id is not carried forward when you are
> redirected from Paypal. Solution I see is to pass the session id to your
> call back URL. So when paypal calls back there should be session id in the
> request. Yes, session id will be part of the query.
>
>
> Thanks,
>
> Raj
>
> Hemanth Kumar Kanamarlapudi wrote:
>
>> Hi Raj,
>>
>> This is mainly because of switching between http and https.
>> We are transferring our control to third party paypal site for payment and
>> on return of that we are transferring to another https page and there we are
>> getting logging out. This behavior is not regular, some times logging out
>> and some times not. Is it due to SSL certificate?
>> Regards
>> Hemanth
>>
>>
>> -----Original Message-----
>> From: Raj Saini [mailto:[hidden email]]
>> Sent: Saturday, November 07, 2009 10:17 PM
>> To: [hidden email]
>> Subject: Re: switching between http and https without cookies possible in
>> ofbiz?????
>>
>> Hi Hemanth,
>>
>> Can you explain a bit more please? What do you mean "when moving".
>>
>> Thanks,
>>
>> Raj
>>
>> Hemanth Kumar Kanamarlapudi wrote:
>>
>>
>>> Hi All,
>>>
>>> Even i am facing this same problem of logging out in my ofbiz application
>>> when moving. Your help is appreciated.
>>>
>>> Regards
>>> Hemanth
>>>
>>> ________________________________________
>>> From: Raj Saini [[hidden email]]
>>> Sent: 07 November 2009 20:37
>>> To: [hidden email]
>>> Subject: Re: switching between http and https without cookies possible in
>>>       ofbiz?????
>>>
>>> Kumaraswamy,
>>>
>>> If you disbable the cookies every URL must have a jsession id. This
>>> works fine OOTB when switching one protocol to another and jsessionid is
>>> appended to the URL. Your's is custom code or you are using OOTB?
>>>
>>> Thanks,
>>>
>>> Raj
>>>
>>> Kumaraswamy nandipati wrote:
>>>
>>>
>>>
>>>> Hi All,
>>>>
>>>> I am not a tech savvy. Please pull me out of this problem.
>>>>
>>>> Problem: I am browsing with "Disable Cookies" option for my ofbiz site.
>>>> When
>>>> ever, I switch from http to https it is asking me to login. I saw that
>>>> ofbiz
>>>> sets JSESSIONID as a cookie in normal browsing(cookie enabled).
>>>>
>>>> Q1) Is this problem only in ofbiz or default from tomcat. I am
>>>> questioning
>>>> because ofbiz internally uses tomcat instance??.
>>>>
>>>> Q2) Is there any solution for switching between http and https other
>>>> than
>>>> cookies???  Because, I want my "cookie-disabled customers" to browse
>>>> successfully on my site to place order??.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>> http://www.mindtree.com/email/disclaimer.html
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>
>


--
Thanks,
Kumaraswamy.N
91-9866805250.
Free Embeddable Forum Powered by Nabble Help